| blob | ff511665b738c87a76b30277a7bf3cb303364b4a |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C H E C K S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 1992-2009, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
67 -- General note: many of these routines are concerned with generating
68 -- checking code to make sure that constraint error is raised at runtime.
69 -- Clearly this code is only needed if the expander is active, since
70 -- otherwise we will not be generating code or going into the runtime
71 -- execution anyway.
73 -- We therefore disconnect most of these checks if the expander is
74 -- inactive. This has the additional benefit that we do not need to
75 -- worry about the tree being messed up by previous errors (since errors
76 -- turn off expansion anyway).
78 -- There are a few exceptions to the above rule. For instance routines
79 -- such as Apply_Scalar_Range_Check that do not insert any code can be
80 -- safely called even when the Expander is inactive (but Errors_Detected
81 -- is 0). The benefit of executing this code when expansion is off, is
82 -- the ability to emit constraint error warning for static expressions
83 -- even when we are not generating code.
85 -------------------------------------
86 -- Suppression of Redundant Checks --
87 -------------------------------------
89 -- This unit implements a limited circuit for removal of redundant
90 -- checks. The processing is based on a tracing of simple sequential
91 -- flow. For any sequence of statements, we save expressions that are
92 -- marked to be checked, and then if the same expression appears later
93 -- with the same check, then under certain circumstances, the second
94 -- check can be suppressed.
96 -- Basically, we can suppress the check if we know for certain that
97 -- the previous expression has been elaborated (together with its
98 -- check), and we know that the exception frame is the same, and that
99 -- nothing has happened to change the result of the exception.
101 -- Let us examine each of these three conditions in turn to describe
102 -- how we ensure that this condition is met.
104 -- First, we need to know for certain that the previous expression has
105 -- been executed. This is done principly by the mechanism of calling
106 -- Conditional_Statements_Begin at the start of any statement sequence
107 -- and Conditional_Statements_End at the end. The End call causes all
108 -- checks remembered since the Begin call to be discarded. This does
109 -- miss a few cases, notably the case of a nested BEGIN-END block with
110 -- no exception handlers. But the important thing is to be conservative.
111 -- The other protection is that all checks are discarded if a label
112 -- is encountered, since then the assumption of sequential execution
113 -- is violated, and we don't know enough about the flow.
115 -- Second, we need to know that the exception frame is the same. We
116 -- do this by killing all remembered checks when we enter a new frame.
117 -- Again, that's over-conservative, but generally the cases we can help
118 -- with are pretty local anyway (like the body of a loop for example).
120 -- Third, we must be sure to forget any checks which are no longer valid.
121 -- This is done by two mechanisms, first the Kill_Checks_Variable call is
122 -- used to note any changes to local variables. We only attempt to deal
123 -- with checks involving local variables, so we do not need to worry
124 -- about global variables. Second, a call to any non-global procedure
125 -- causes us to abandon all stored checks, since such a all may affect
126 -- the values of any local variables.
128 -- The following define the data structures used to deal with remembering
129 -- checks so that redundant checks can be eliminated as described above.
131 -- Right now, the only expressions that we deal with are of the form of
132 -- simple local objects (either declared locally, or IN parameters) or
133 -- such objects plus/minus a compile time known constant. We can do
134 -- more later on if it seems worthwhile, but this catches many simple
135 -- cases in practice.
137 -- The following record type reflects a single saved check. An entry
138 -- is made in the stack of saved checks if and only if the expression
139 -- has been elaborated with the indicated checks.
143 -- Set True if entry is killed by Kill_Checks
146 -- The entity involved in the expression that is checked
149 -- A compile time value indicating the result of adding or
150 -- subtracting a compile time value. This value is to be
151 -- added to the value of the Entity. A value of zero is
152 -- used for the case of a simple entity reference.
155 -- This is set to 'R' for a range check (in which case Target_Type
156 -- is set to the target type for the range check) or to 'O' for an
157 -- overflow check (in which case Target_Type is set to Empty).
160 -- Used only if Do_Range_Check is set. Records the target type for
161 -- the check. We need this, because a check is a duplicate only if
162 -- it has a the same target type (or more accurately one with a
163 -- range that is smaller or equal to the stored target type of a
164 -- saved check).
167 -- The following table keeps track of saved checks. Rather than use an
168 -- extensible table. We just use a table of fixed size, and we discard
169 -- any saved checks that do not fit. That's very unlikely to happen and
170 -- this is only an optimization in any case.
173 -- Array of saved checks
176 -- Number of saved checks
178 -- The following stack keeps track of statement ranges. It is treated
179 -- as a stack. When Conditional_Statements_Begin is called, an entry
180 -- is pushed onto this stack containing the value of Num_Saved_Checks
181 -- at the time of the call. Then when Conditional_Statements_End is
182 -- called, this value is popped off and used to reset Num_Saved_Checks.
184 -- Note: again, this is a fixed length stack with a size that should
185 -- always be fine. If the value of the stack pointer goes above the
186 -- limit, then we just forget all saved checks.
191 -----------------------
192 -- Local Subprograms --
193 -----------------------
195 procedure Apply_Float_Conversion_Check
198 -- The checks on a conversion from a floating-point type to an integer
199 -- type are delicate. They have to be performed before conversion, they
200 -- have to raise an exception when the operand is a NaN, and rounding must
201 -- be taken into account to determine the safe bounds of the operand.
203 procedure Apply_Selected_Length_Checks
208 -- This is the subprogram that does all the work for Apply_Length_Check
209 -- and Apply_Static_Length_Check. Expr, Target_Typ and Source_Typ are as
210 -- described for the above routines. The Do_Static flag indicates that
211 -- only a static check is to be done.
213 procedure Apply_Selected_Range_Checks
218 -- This is the subprogram that does all the work for Apply_Range_Check.
219 -- Expr, Target_Typ and Source_Typ are as described for the above
220 -- routine. The Do_Static flag indicates that only a static check is
221 -- to be done.
225 -- This function is used to see if an access or division by zero check is
226 -- needed. The check is to be applied to a single variable appearing in the
227 -- source, and N is the node for the reference. If N is not of this form,
228 -- True is returned with no further processing. If N is of the right form,
229 -- then further processing determines if the given Check is needed.
230 --
231 -- The particular circuit is to see if we have the case of a check that is
232 -- not needed because it appears in the right operand of a short circuited
233 -- conditional where the left operand guards the check. For example:
234 --
235 -- if Var = 0 or else Q / Var > 12 then
236 -- ...
237 -- end if;
238 --
239 -- In this example, the division check is not required. At the same time
240 -- we can issue warnings for suspicious use of non-short-circuited forms,
241 -- such as:
242 --
243 -- if Var = 0 or Q / Var > 12 then
244 -- ...
245 -- end if;
247 procedure Find_Check
255 -- This routine is used by Enable_Range_Check and Enable_Overflow_Check
256 -- to see if a check is of the form for optimization, and if so, to see
257 -- if it has already been performed. Expr is the expression to check,
258 -- and Check_Type is 'R' for a range check, 'O' for an overflow check.
259 -- Target_Type is the target type for a range check, and Empty for an
260 -- overflow check. If the entry is not of the form for optimization,
261 -- then Entry_OK is set to False, and the remaining out parameters
262 -- are undefined. If the entry is OK, then Ent/Ofs are set to the
263 -- entity and offset from the expression. Check_Num is the number of
264 -- a matching saved entry in Saved_Checks, or zero if no such entry
265 -- is located.
268 -- If a discriminal is used in constraining a prival, Return reference
269 -- to the discriminal of the protected body (which renames the parameter
270 -- of the enclosing protected operation). This clumsy transformation is
271 -- needed because privals are created too late and their actual subtypes
272 -- are not available when analysing the bodies of the protected operations.
273 -- This function is called whenever the bound is an entity and the scope
274 -- indicates a protected operation. If the bound is an in-parameter of
275 -- a protected operation that is not a prival, the function returns the
276 -- bound itself.
277 -- To be cleaned up???
279 function Guard_Access
283 -- In the access type case, guard the test with a test to ensure
284 -- that the access value is non-null, since the checks do not
285 -- not apply to null access values.
288 -- Called by Apply_{Length,Range}_Checks to rewrite the tree with the
289 -- Constraint_Error node.
291 function Range_Or_Validity_Checks_Suppressed
293 -- Returns True if either range or validity checks or both are suppressed
294 -- for the type of the given expression, or, if the expression is the name
295 -- of an entity, if these checks are suppressed for the entity.
297 function Selected_Length_Checks
302 -- Like Apply_Selected_Length_Checks, except it doesn't modify
303 -- anything, just returns a list of nodes as described in the spec of
304 -- this package for the Range_Check function.
306 function Selected_Range_Checks
311 -- Like Apply_Selected_Range_Checks, except it doesn't modify anything,
312 -- just returns a list of nodes as described in the spec of this package
313 -- for the Range_Check function.
315 ------------------------------
316 -- Access_Checks_Suppressed --
317 ------------------------------
320 begin
323 else
328 -------------------------------------
329 -- Accessibility_Checks_Suppressed --
330 -------------------------------------
333 begin
336 else
341 -----------------------------
342 -- Activate_Division_Check --
343 -----------------------------
346 begin
351 -----------------------------
352 -- Activate_Overflow_Check --
353 -----------------------------
356 begin
361 --------------------------
362 -- Activate_Range_Check --
363 --------------------------
366 begin
371 ---------------------------------
372 -- Alignment_Checks_Suppressed --
373 ---------------------------------
376 begin
379 else
384 -------------------------
385 -- Append_Range_Checks --
386 -------------------------
388 procedure Append_Range_Checks
394 is
400 or else
403 begin
404 -- For now we just return if Checks_On is false, however this should
405 -- be enhanced to check for an always True value in the condition
406 -- and to generate a compilation warning???
417 then
423 else
424 Append_To
432 ------------------------
433 -- Apply_Access_Check --
434 ------------------------
439 begin
440 -- We do not need checks if we are not generating code (i.e. the
441 -- expander is not active). This is not just an optimization, there
442 -- are cases (e.g. with pragma Debug) where generating the checks
443 -- can cause real trouble).
449 -- No check if short circuiting makes check unnecessary
455 -- No check if accessing the Offset_To_Top component of a dispatch
456 -- table. They are safe by construction.
458 if Tagged_Type_Expansion
463 then
467 -- Otherwise go ahead and install the check
472 -------------------------------
473 -- Apply_Accessibility_Check --
474 -------------------------------
476 procedure Apply_Accessibility_Check
480 is
486 begin
490 -- Only apply the run-time check if the access parameter has an
491 -- associated extra access level parameter and when the level of the
492 -- type is less deep than the level of the access parameter, and
493 -- accessibility checks are not suppressed.
500 then
501 Param_Level :=
504 Type_Level :=
507 -- Raise Program_Error if the accessibility level of the access
508 -- parameter is deeper than the level of the target access type.
512 Condition =>
522 --------------------------------
523 -- Apply_Address_Clause_Check --
524 --------------------------------
533 -- Address expression (not necessarily the same as Aexp, for example
534 -- when Aexp is a reference to a constant, in which case Expr gets
535 -- reset to reference the value expression of the constant.
538 -- Post error warnings when alignment is known to be incompatible. Note
539 -- that we do not go as far as inserting a raise of Program_Error since
540 -- this is an erroneous case, and it may happen that we are lucky and an
541 -- underaligned address turns out to be OK after all.
543 --------------------------------
544 -- Compile_Time_Bad_Alignment --
545 --------------------------------
548 begin
550 Error_Msg_FE
553 Error_Msg_FE
560 -- Start of processing for Apply_Address_Clause_Check
562 begin
563 -- See if alignment check needed. Note that we never need a check if the
564 -- maximum alignment is one, since the check will always succeed.
566 -- Note: we do not check for checks suppressed here, since that check
567 -- was done in Sem_Ch13 when the address clause was processed. We are
568 -- only called if checks were not suppressed. The reason for this is
569 -- that we have to delay the call to Apply_Alignment_Check till freeze
570 -- time (so that all types etc are elaborated), but we have to check
571 -- the status of check suppressing at the point of the address clause.
576 then
580 -- Obtain expression from address clause
584 -- The following loop digs for the real expression to use in the check
586 loop
587 -- For constant, get constant expression
591 then
594 -- For unchecked conversion, get result to convert
599 -- For (common case) of To_Address call, get argument
604 then
611 -- We finally have the real expression
613 else
618 -- See if we know that Expr has a bad alignment at compile time
622 then
623 declare
626 begin
627 -- The object alignment might be more restrictive than the
628 -- type alignment.
635 Compile_Time_Bad_Alignment;
636 else
641 -- If the expression has the form X'Address, then we can find out if
642 -- the object X has an alignment that is compatible with the object E.
643 -- If it hasn't or we don't know, we defer issuing the warning until
644 -- the end of the compilation to take into account back end annotations.
649 then
653 -- Here we do not know if the value is acceptable. Stricly we don't have
654 -- to do anything, since if the alignment is bad, we have an erroneous
655 -- program. However we are allowed to check for erroneous conditions and
656 -- we decide to do this by default if the check is not suppressed.
658 -- However, don't do the check if elaboration code is unwanted
663 -- Generate a check to raise PE if alignment may be inappropriate
665 else
666 -- If the original expression is a non-static constant, use the
667 -- name of the constant itself rather than duplicating its
668 -- defining expression, which was extracted above.
670 -- Note: Expr is empty if the address-clause is applied to in-mode
671 -- actuals (allowed by 13.1(22)).
674 or else
679 then
681 else
687 Condition =>
689 Left_Opnd =>
691 Left_Opnd =>
692 Unchecked_Convert_To
694 Right_Opnd =>
704 exception
705 -- If we have some missing run time component in configurable run time
706 -- mode then just skip the check (it is not required in any case).
712 -------------------------------------
713 -- Apply_Arithmetic_Overflow_Check --
714 -------------------------------------
716 -- This routine is called only if the type is an integer type, and a
717 -- software arithmetic overflow check may be needed for op (add, subtract,
718 -- or multiply). This check is performed only if Software_Overflow_Checking
719 -- is enabled and Do_Overflow_Check is set. In this case we expand the
720 -- operation into a more complex sequence of tests that ensures that
721 -- overflow is properly caught.
728 begin
729 -- An interesting special case. If the arithmetic operation appears as
730 -- the operand of a type conversion:
732 -- type1 (x op y)
734 -- and all the following conditions apply:
736 -- arithmetic operation is for a signed integer type
737 -- target type type1 is a static integer subtype
738 -- range of x and y are both included in the range of type1
739 -- range of x op y is included in the range of type1
740 -- size of type1 is at least twice the result size of op
742 -- then we don't do an overflow check in any case, instead we transform
743 -- the operation so that we end up with:
745 -- type1 (type1 (x) op type1 (y))
747 -- This avoids intermediate overflow before the conversion. It is
748 -- explicitly permitted by RM 3.5.4(24):
750 -- For the execution of a predefined operation of a signed integer
751 -- type, the implementation need not raise Constraint_Error if the
752 -- result is outside the base range of the type, so long as the
753 -- correct result is produced.
755 -- It's hard to imagine that any programmer counts on the exception
756 -- being raised in this case, and in any case it's wrong coding to
757 -- have this expectation, given the RM permission. Furthermore, other
758 -- Ada compilers do allow such out of range results.
760 -- Note that we do this transformation even if overflow checking is
761 -- off, since this is precisely about giving the "right" result and
762 -- avoiding the need for an overflow check.
764 -- Note: this circuit is partially redundant with respect to the similar
765 -- processing in Exp_Ch4.Expand_N_Type_Conversion, but the latter deals
766 -- with cases that do not come through here. We still need the following
767 -- processing even with the Exp_Ch4 code in place, since we want to be
768 -- sure not to generate the arithmetic overflow check in these cases
769 -- (Exp_Ch4 would have a hard time removing them once generated).
773 then
774 declare
789 begin
792 then
796 Determine_Range
798 Determine_Range
804 then
824 -- Given that the target type is twice the size of the
825 -- source type, overflow is now impossible, so we can
826 -- safely kill the overflow check and return.
836 -- Now see if an overflow check is required
838 declare
846 begin
847 -- Skip check if back end does overflow checks, or the overflow flag
848 -- is not set anyway, or we are not doing code expansion, or the
849 -- parent node is a type conversion whose operand is an arithmetic
850 -- operation on signed integers on which the expander can promote
851 -- later the operands to type Integer (see Expand_N_Type_Conversion).
853 -- Special case CLI target, where arithmetic overflow checks can be
854 -- performed for integer and long_integer
856 if Backend_Overflow_Checks_On_Target
858 or else not Expander_Active
862 or else
864 then
868 -- Otherwise, generate the full general code for front end overflow
869 -- detection, which works by doing arithmetic in a larger type:
871 -- x op y
873 -- is expanded into
875 -- Typ (Checktyp (x) op Checktyp (y));
877 -- where Typ is the type of the original expression, and Checktyp is
878 -- an integer type of sufficient length to hold the largest possible
879 -- result.
881 -- If the size of check type exceeds the size of Long_Long_Integer,
882 -- we use a different approach, expanding to:
884 -- typ (xxx_With_Ovflo_Check (Integer_64 (x), Integer (y)))
886 -- where xxx is Add, Multiply or Subtract as appropriate
888 -- Find check type if one exists
896 -- No check type exists, use runtime call
898 else
905 else
922 -- If we fall through, we have the case where we do the arithmetic
923 -- in the next higher type and get the check by conversion. In these
924 -- cases Ctyp is set to the type to be used as the check type.
942 -- The type of the operation changes to the base type of the check
943 -- type, and we reset the overflow check indication, since clearly no
944 -- overflow is possible now that we are using a double length type.
945 -- We also set the Analyzed flag to avoid a recursive attempt to
946 -- expand the node.
952 -- Now build the outer conversion
958 -- In the discrete type case, we directly generate the range check
959 -- for the outer operand. This range check will implement the
960 -- required overflow check.
964 Generate_Range_Check
967 -- For other types, we enable overflow checking on the conversion,
968 -- after setting the node as analyzed to prevent recursive attempts
969 -- to expand the conversion node.
971 else
977 exception
983 ----------------------------
984 -- Apply_Constraint_Check --
985 ----------------------------
987 procedure Apply_Constraint_Check
991 is
994 begin
1003 -- A useful optimization: an aggregate with only an others clause
1004 -- always has the right bounds.
1008 and then Nkind
1010 = N_Others_Choice
1011 then
1021 else
1029 then
1036 -- No checks necessary if expression statically null
1043 -- No sliding possible on access to arrays
1054 then
1058 -- Apply the 2005 Null_Excluding check. Note that we do not apply
1059 -- this check if the constraint node is illegal, as shown by having
1060 -- an error posted. This additional guard prevents cascaded errors
1061 -- and compiler aborts on illegal programs involving Ada 2005 checks.
1066 then
1072 ------------------------------
1073 -- Apply_Discriminant_Check --
1074 ------------------------------
1076 procedure Apply_Discriminant_Check
1080 is
1088 -- It is possible for an aliased component to have a nominal
1089 -- unconstrained subtype (through instantiation). If this is a
1090 -- discriminated component assigned in the expansion of an aggregate
1091 -- in an initialization, the check must be suppressed. This unusual
1092 -- situation requires a predicate of its own.
1094 ----------------------------------------
1095 -- Is_Aliased_Unconstrained_Component --
1096 ----------------------------------------
1102 begin
1105 else
1112 then
1117 and then In_Instance
1121 -- Start of processing for Apply_Discriminant_Check
1123 begin
1126 else
1130 -- Nothing to do if discriminant checks are suppressed or else no code
1131 -- is to be generated
1133 if not Expander_Active
1135 then
1139 -- No discriminant checks necessary for an access when expression is
1140 -- statically Null. This is not only an optimization, it is fundamental
1141 -- because otherwise discriminant checks may be generated in init procs
1142 -- for types containing an access to a not-yet-frozen record, causing a
1143 -- deadly forward reference.
1145 -- Also, if the expression is of an access type whose designated type is
1146 -- incomplete, then the access value must be null and we suppress the
1147 -- check.
1160 -- If an assignment target is present, then we need to generate the
1161 -- actual subtype if the target is a parameter or aliased object with
1162 -- an unconstrained nominal subtype.
1164 -- Ada 2005 (AI-363): For Ada 2005, we limit the building of the actual
1165 -- subtype to the parameter and dereference cases, since other aliased
1166 -- objects are unconstrained (unless the nominal subtype is explicitly
1167 -- constrained). (But we also need to test for renamings???)
1179 N_Function_Call))
1180 then
1184 -- Nothing to do if the type is unconstrained (this is the case where
1185 -- the actual subtype in the RM sense of N is unconstrained and no check
1186 -- is required).
1191 -- Ada 2005: nothing to do if the type is one for which there is a
1192 -- partial view that is constrained.
1196 then
1200 -- Nothing to do if the type is an Unchecked_Union
1206 -- Suppress checks if the subtypes are the same. the check must be
1207 -- preserved in an assignment to a formal, because the constraint is
1208 -- given by the actual.
1214 then
1218 then
1222 -- We can also eliminate checks on allocators with a subtype mark that
1223 -- coincides with the context type. The context type may be a subtype
1224 -- without a constraint (common case, a generic actual).
1228 then
1229 declare
1233 begin
1240 then
1246 -- See if we have a case where the types are both constrained, and all
1247 -- the constraints are constants. In this case, we can do the check
1248 -- successfully at compile time.
1250 -- We skip this check for the case where the node is a rewritten`
1251 -- allocator, because it already carries the context subtype, and
1252 -- extracting the discriminants from the aggregate is messy.
1256 then
1257 declare
1264 begin
1265 -- S_Typ may not have discriminants in the case where it is a
1266 -- private type completed by a default discriminated type. In that
1267 -- case, we need to get the constraints from the underlying_type.
1268 -- If the underlying type is unconstrained (i.e. has no default
1269 -- discriminants) no check is needed.
1275 else
1277 DconS :=
1278 First_Elmt
1285 -- A further optimization: if T_Typ is derived from S_Typ
1286 -- without imposing a constraint, no check is needed.
1289 N_Full_Type_Declaration
1290 then
1291 declare
1293 Type_Definition
1295 begin
1299 then
1312 -- For a discriminated component type constrained by the
1313 -- current instance of an enclosing type, there is no
1314 -- applicable discriminant check.
1320 then
1324 -- If the expressions for the discriminants are identical
1325 -- and it is side-effect free (for now just an entity),
1326 -- this may be a shared constraint, e.g. from a subtype
1327 -- without a constraint introduced as a generic actual.
1328 -- Examine other discriminants if any.
1332 then
1337 then
1343 else
1344 Apply_Compile_Time_Constraint_Error
1362 -- Here we need a discriminant check. First build the expression
1363 -- for the comparisons of the discriminants:
1365 -- (n.disc1 /= typ.disc1) or else
1366 -- (n.disc2 /= typ.disc2) or else
1367 -- ...
1368 -- (n.discn /= typ.discn)
1372 -- If Lhs is set and is a parameter, then the condition is
1373 -- guarded by: lhs'constrained and then (condition built above)
1376 Cond :=
1378 Left_Opnd =>
1395 ------------------------
1396 -- Apply_Divide_Check --
1397 ------------------------
1414 -- Don't actually use this value
1416 begin
1417 if Expander_Active
1418 and then not Backend_Divide_Checks_On_Target
1420 then
1423 -- See if division by zero possible, and if so generate test. This
1424 -- part of the test is not controlled by the -gnato switch.
1430 Condition =>
1438 -- Test for extremely annoying case of xxx'First divided by -1
1443 then
1448 and then
1450 then
1453 Condition =>
1457 Left_Opnd =>
1462 Left_Opnd =>
1464 Right_Opnd =>
1473 ----------------------------------
1474 -- Apply_Float_Conversion_Check --
1475 ----------------------------------
1477 -- Let F and I be the source and target types of the conversion. The RM
1478 -- specifies that a floating-point value X is rounded to the nearest
1479 -- integer, with halfway cases being rounded away from zero. The rounded
1480 -- value of X is checked against I'Range.
1482 -- The catch in the above paragraph is that there is no good way to know
1483 -- whether the round-to-integer operation resulted in overflow. A remedy is
1484 -- to perform a range check in the floating-point domain instead, however:
1486 -- (1) The bounds may not be known at compile time
1487 -- (2) The check must take into account rounding or truncation.
1488 -- (3) The range of type I may not be exactly representable in F.
1489 -- (4) For the rounding case, The end-points I'First - 0.5 and
1490 -- I'Last + 0.5 may or may not be in range, depending on the
1491 -- sign of I'First and I'Last.
1492 -- (5) X may be a NaN, which will fail any comparison
1494 -- The following steps correctly convert X with rounding:
1496 -- (1) If either I'First or I'Last is not known at compile time, use
1497 -- I'Base instead of I in the next three steps and perform a
1498 -- regular range check against I'Range after conversion.
1499 -- (2) If I'First - 0.5 is representable in F then let Lo be that
1500 -- value and define Lo_OK as (I'First > 0). Otherwise, let Lo be
1501 -- F'Machine (I'First) and let Lo_OK be (Lo >= I'First).
1502 -- In other words, take one of the closest floating-point numbers
1503 -- (which is an integer value) to I'First, and see if it is in
1504 -- range or not.
1505 -- (3) If I'Last + 0.5 is representable in F then let Hi be that value
1506 -- and define Hi_OK as (I'Last < 0). Otherwise, let Hi be
1507 -- F'Machine (I'Last) and let Hi_OK be (Hi <= I'Last).
1508 -- (4) Raise CE when (Lo_OK and X < Lo) or (not Lo_OK and X <= Lo)
1509 -- or (Hi_OK and X > Hi) or (not Hi_OK and X >= Hi)
1511 -- For the truncating case, replace steps (2) and (3) as follows:
1512 -- (2) If I'First > 0, then let Lo be F'Pred (I'First) and let Lo_OK
1513 -- be False. Otherwise, let Lo be F'Succ (I'First - 1) and let
1514 -- Lo_OK be True.
1515 -- (3) If I'Last < 0, then let Hi be F'Succ (I'Last) and let Hi_OK
1516 -- be False. Otherwise let Hi be F'Pred (I'Last + 1) and let
1517 -- Hi_OK be False
1519 procedure Apply_Float_Conversion_Check
1522 is
1532 -- Parent of check node, must be a type conversion
1536 UI_Expon
1540 -- Largest bound, so bound plus or minus half is a machine number of F
1543 -- Bounds of integer type
1546 -- Bounds to check in floating-point domain
1549 -- True iff Lo resp. Hi belongs to I'Range
1552 -- Expressions that are False iff check fails
1556 begin
1559 then
1560 declare
1561 -- First check that the value falls in the range of the base type,
1562 -- to prevent overflow during conversion and then perform a
1563 -- regular range check against the (dynamic) bounds.
1571 begin
1584 Condition =>
1595 -- Get the (static) bounds of the target type
1600 -- A simple optimization: if the expression is a universal literal,
1601 -- we can do the comparison with the bounds and the conversion to
1602 -- an integer type statically. The range checks are unchanged.
1608 then
1609 declare
1612 begin
1615 -- Conversion is safe
1625 -- Check against lower bound
1639 else
1646 -- Lo_Chk := (X >= Lo)
1652 else
1653 -- Lo_Chk := (X > Lo)
1660 -- Check against higher bound
1673 else
1680 -- Hi_Chk := (X <= Hi)
1686 else
1687 -- Hi_Chk := (X < Hi)
1694 -- If the bounds of the target type are the same as those of the base
1695 -- type, the check is an overflow check as a range check is not
1696 -- performed in these cases.
1700 then
1702 else
1706 -- Raise CE if either conditions does not hold
1714 ------------------------
1715 -- Apply_Length_Check --
1716 ------------------------
1718 procedure Apply_Length_Check
1722 is
1723 begin
1724 Apply_Selected_Length_Checks
1728 -----------------------
1729 -- Apply_Range_Check --
1730 -----------------------
1732 procedure Apply_Range_Check
1736 is
1737 begin
1738 Apply_Selected_Range_Checks
1742 ------------------------------
1743 -- Apply_Scalar_Range_Check --
1744 ------------------------------
1746 -- Note that Apply_Scalar_Range_Check never turns the Do_Range_Check flag
1747 -- off if it is already set on.
1749 procedure Apply_Scalar_Range_Check
1754 is
1762 -- Set true if Expr is a subscript
1765 -- Set true if Expr is a subscript of an unconstrained array. In this
1766 -- case we do not attempt to do an analysis of the value against the
1767 -- range of the subscript, since we don't know the actual subtype.
1770 -- Set to True if Expr should be regarded as a real value even though
1771 -- the type of Expr might be discrete.
1774 -- Procedure called if value is determined to be out of range
1776 ---------------
1777 -- Bad_Value --
1778 ---------------
1781 begin
1782 Apply_Compile_Time_Constraint_Error
1788 -- Start of processing for Apply_Scalar_Range_Check
1790 begin
1791 -- Return if check obviously not needed
1793 if
1794 -- Not needed inside generic
1796 Inside_A_Generic
1798 -- Not needed if previous error
1803 -- Not needed for non-scalar type
1807 -- Not needed if we know node raises CE already
1810 then
1814 -- Now, see if checks are suppressed
1816 Is_Subscr_Ref :=
1826 -- Subscript reference. Check for Index_Checks suppressed
1830 -- Check array type and its base type
1834 then
1837 -- Check array itself if it is an entity name
1841 then
1844 -- Check expression itself if it is an entity name
1848 then
1852 -- All other cases, check for Range_Checks suppressed
1854 else
1855 -- Check target type and its base type
1859 then
1862 -- Check expression itself if it is an entity name
1866 then
1869 -- If Expr is part of an assignment statement, then check left
1870 -- side of assignment if it is an entity name.
1875 then
1881 -- Do not set range checks if they are killed
1885 then
1889 -- Do not set range checks for any values from System.Scalar_Values
1890 -- since the whole idea of such values is to avoid checking them!
1894 then
1898 -- Now see if we need a check
1902 else
1910 Is_Unconstrained_Subscr_Ref :=
1913 -- Always do a range check if the source type includes infinities and
1914 -- the target type does not include infinities. We do not do this if
1915 -- range checks are killed.
1920 then
1924 -- Return if we know expression is definitely in the range of the target
1925 -- type as determined by Determine_Range. Right now we only do this for
1926 -- discrete types, and not fixed-point or floating-point types.
1928 -- The additional less-precise tests below catch these cases
1930 -- Note: skip this if we are given a source_typ, since the point of
1931 -- supplying a Source_Typ is to stop us looking at the expression.
1932 -- We could sharpen this test to be out parameters only ???
1936 and then not Is_Unconstrained_Subscr_Ref
1938 then
1939 declare
1945 begin
1948 then
1949 declare
1953 begin
1954 -- If range is null, we for sure have a constraint error
1955 -- (we don't even need to look at the value involved,
1956 -- since all possible values will raise CE).
1959 Bad_Value;
1963 -- Otherwise determine range of value
1969 -- If definitely in range, all OK
1974 -- If definitely not in range, warn
1977 Bad_Value;
1980 -- Otherwise we don't know
1982 else
1991 Int_Real :=
1995 -- Check if we can determine at compile time whether Expr is in the
1996 -- range of the target type. Note that if S_Typ is within the bounds
1997 -- of Target_Typ then this must be the case. This check is meaningful
1998 -- only if this is not a conversion between integer and real types.
2000 if not Is_Unconstrained_Subscr_Ref
2001 and then
2003 and then
2005 or else
2010 then
2017 then
2018 Bad_Value;
2021 -- In the floating-point case, we only do range checks if the type is
2022 -- constrained. We definitely do NOT want range checks for unconstrained
2023 -- types, since we want to have infinities
2030 -- For all other cases we enable a range check unconditionally
2032 else
2038 ----------------------------------
2039 -- Apply_Selected_Length_Checks --
2040 ----------------------------------
2042 procedure Apply_Selected_Length_Checks
2047 is
2055 or else
2058 begin
2063 R_Result :=
2070 -- A length check may mention an Itype which is attached to a
2071 -- subsequent node. At the top level in a package this can cause
2072 -- an order-of-elaboration problem, so we make sure that the itype
2073 -- is referenced now.
2077 then
2088 -- If the item is a conditional raise of constraint error, then have
2089 -- a look at what check is being performed and ???
2093 then
2096 -- Case where node does not now have a dynamic check
2100 -- If checks are on, just insert the check
2109 -- If checks are off, then analyze the length check after
2110 -- temporarily attaching it to the tree in case the relevant
2111 -- condition can be evaluted at compile time. We still want a
2112 -- compile time warning in this case.
2114 else
2120 -- Output a warning if the condition is known to be True
2124 then
2125 Apply_Compile_Time_Constraint_Error
2127 CE_Length_Check_Failed,
2131 -- If we were only doing a static check, or if checks are not
2132 -- on, then we want to delete the check, since it is not needed.
2133 -- We do this by replacing the if statement by a null statement
2140 else
2146 ---------------------------------
2147 -- Apply_Selected_Range_Checks --
2148 ---------------------------------
2150 procedure Apply_Selected_Range_Checks
2155 is
2163 or else
2166 begin
2171 R_Result :=
2179 -- If the item is a conditional raise of constraint error, then have
2180 -- a look at what check is being performed and ???
2184 then
2195 -- Output a warning if the condition is known to be True
2199 then
2200 -- Since an N_Range is technically not an expression, we have
2201 -- to set one of the bounds to C_E and then just flag the
2202 -- N_Range. The warning message will point to the lower bound
2203 -- and complain about a range, which seems OK.
2206 Apply_Compile_Time_Constraint_Error
2208 CE_Range_Check_Failed,
2214 else
2215 Apply_Compile_Time_Constraint_Error
2217 CE_Range_Check_Failed,
2222 -- If we were only doing a static check, or if checks are not
2223 -- on, then we want to delete the check, since it is not needed.
2224 -- We do this by replacing the if statement by a null statement
2231 else
2237 -------------------------------
2238 -- Apply_Static_Length_Check --
2239 -------------------------------
2241 procedure Apply_Static_Length_Check
2245 is
2246 begin
2247 Apply_Selected_Length_Checks
2251 -------------------------------------
2252 -- Apply_Subscript_Validity_Checks --
2253 -------------------------------------
2258 begin
2261 -- Loop through subscripts
2266 -- Check one subscript. Note that we do not worry about enumeration
2267 -- type with holes, since we will convert the value to a Pos value
2268 -- for the subscript, and that convert will do the necessary validity
2269 -- check.
2273 -- Move to next subscript
2279 ----------------------------------
2280 -- Apply_Type_Conversion_Checks --
2281 ----------------------------------
2289 begin
2293 -- Skip these checks if serious errors detected, there are some nasty
2294 -- situations of incomplete trees that blow things up.
2299 -- Scalar type conversions of the form Target_Type (Expr) require a
2300 -- range check if we cannot be sure that Expr is in the base type of
2301 -- Target_Typ and also that Expr is in the range of Target_Typ. These
2302 -- are not quite the same condition from an implementation point of
2303 -- view, but clearly the second includes the first.
2306 declare
2308 -- If the Conversion_OK flag on the type conversion is set and no
2309 -- floating point type is involved in the type conversion then
2310 -- fixed point values must be read as integral values.
2316 begin
2318 and then not
2320 and then not Float_To_Int
2321 then
2327 then
2330 else
2331 Apply_Scalar_Range_Check
2344 then
2345 -- An unconstrained derived type may have inherited discriminant
2346 -- Build an actual discriminant constraint list using the stored
2347 -- constraint, to verify that the expression of the parent type
2348 -- satisfies the constraints imposed by the (unconstrained!)
2349 -- derived type. This applies to value conversions, not to view
2350 -- conversions of tagged types.
2352 declare
2363 begin
2370 then
2375 then
2376 -- Parent is constrained by new discriminant. Obtain
2377 -- Value of original discriminant in expression. If the
2378 -- new discriminant has been used to constrain more than
2379 -- one of the stored discriminants, this will provide the
2380 -- required consistency check.
2382 Append_Elmt (
2384 Prefix =>
2385 Duplicate_Subexpr_No_Checks
2387 Selector_Name =>
2389 New_Constraints);
2391 else
2392 -- Discriminant of more remote ancestor ???
2397 -- Derived type definition has an explicit value for this
2398 -- stored discriminant.
2400 else
2401 Append_Elmt
2403 New_Constraints);
2409 -- Use the unconstrained expression type to retrieve the
2410 -- discriminants of the parent, and apply momentarily the
2411 -- discriminant constraint synthesized above.
2423 -- For arrays, conversions are applied during expansion, to take into
2424 -- accounts changes of representation. The checks become range checks on
2425 -- the base type or length checks on the subtype, depending on whether
2426 -- the target type is unconstrained or constrained.
2428 else
2433 ----------------------------------------------
2434 -- Apply_Universal_Integer_Attribute_Checks --
2435 ----------------------------------------------
2441 begin
2445 -- Nothing to do if checks are suppressed
2449 then
2452 -- Nothing to do if the attribute does not come from source. The
2453 -- internal attributes we generate of this type do not need checks,
2454 -- and furthermore the attempt to check them causes some circular
2455 -- elaboration orders when dealing with packed types.
2460 -- If the prefix is a selected component that depends on a discriminant
2461 -- the check may improperly expose a discriminant instead of using
2462 -- the bounds of the object itself. Set the type of the attribute to
2463 -- the base type of the context, so that a check will be imposed when
2464 -- needed (e.g. if the node appears as an index).
2469 then
2472 -- Otherwise, replace the attribute node with a type conversion node
2473 -- whose expression is the attribute, retyped to universal integer, and
2474 -- whose subtype mark is the target type. The call to analyze this
2475 -- conversion will set range and overflow checks as required for proper
2476 -- detection of an out of range value.
2478 else
2492 -------------------------------
2493 -- Build_Discriminant_Checks --
2494 -------------------------------
2496 function Build_Discriminant_Checks
2499 is
2509 ----------------------------------
2510 -- Aggregate_Discriminant_Value --
2511 ----------------------------------
2516 begin
2517 -- The aggregate has been normalized with named associations. We use
2518 -- the Chars field to locate the discriminant to take into account
2519 -- discriminants in derived types, which carry the same name as those
2520 -- in the parent.
2526 else
2531 -- Discriminant must have been found in the loop above
2536 -- Start of processing for Build_Discriminant_Checks
2538 begin
2539 -- Loop through discriminants evolving the condition
2544 -- For a fully private type, use the discriminants of the parent type
2548 then
2550 else
2559 then
2561 else
2565 -- If we have an Unchecked_Union node, we can infer the discriminants
2566 -- of the node.
2570 Get_Discriminant_Value (
2572 T_Typ,
2576 Dref :=
2577 Duplicate_Subexpr_No_Checks
2580 else
2581 Dref :=
2583 Prefix =>
2585 Selector_Name =>
2603 ------------------
2604 -- Check_Needed --
2605 ------------------
2614 begin
2615 -- Always check if not simple entity
2619 then
2623 -- Look up tree for short circuit
2626 loop
2630 -- Done if out of subexpression (note that we allow generated stuff
2631 -- such as itype declarations in this context, to keep the loop going
2632 -- since we may well have generated such stuff in complex situations.
2633 -- Also done if no parent (probably an error condition, but no point
2634 -- in behaving nasty if we find it!)
2638 then
2641 -- Or/Or Else case, where test is part of the right operand, or is
2642 -- part of one of the actions associated with the right operand, and
2643 -- the left operand is an equality test.
2651 or else
2656 -- Similar test for the And/And then case, where the left operand
2657 -- is an inequality test.
2665 or else
2674 -- If we fall through the loop, then we have a conditional with an
2675 -- appropriate test as its left operand. So test further.
2681 -- Left operand of test must match original variable
2685 then
2689 -- Right operand of test must be key value (zero or null)
2700 then
2708 -- Here we have the optimizable case, warn if not short-circuited
2713 Error_Msg_N
2717 Error_Msg_N
2727 else
2731 -- If not short-circuited, we need the ckeck
2735 -- If short-circuited, we can omit the check
2737 else
2742 -----------------------------------
2743 -- Check_Valid_Lvalue_Subscripts --
2744 -----------------------------------
2747 begin
2748 -- Skip this if range checks are suppressed
2753 -- Only do this check for expressions that come from source. We assume
2754 -- that expander generated assignments explicitly include any necessary
2755 -- checks. Note that this is not just an optimization, it avoids
2756 -- infinite recursions!
2761 -- For a selected component, check the prefix
2767 -- Case of indexed component
2772 -- Prefix may itself be or contain an indexed component, and these
2773 -- subscripts need checking as well.
2779 ----------------------------------
2780 -- Null_Exclusion_Static_Checks --
2781 ----------------------------------
2790 begin
2791 pragma Assert
2800 else
2808 else
2830 -- Enforce legality rule 3.10 (13): A null exclusion can only be
2831 -- applied to an access [sub]type.
2834 Error_Msg_N
2837 -- Enforce legality rule RM 3.10(14/1): A null exclusion can only
2838 -- be applied to a [sub]type that does not exclude null already.
2842 then
2843 Error_Msg_NE
2849 -- Check that null-excluding objects are always initialized, except for
2850 -- deferred constants, for which the expression will appear in the full
2851 -- declaration.
2857 then
2858 -- Add an expression that assigns null. This node is needed by
2859 -- Apply_Compile_Time_Constraint_Error, which will replace this with
2860 -- a Constraint_Error node.
2865 Apply_Compile_Time_Constraint_Error
2871 -- Check that a null-excluding component, formal or object is not being
2872 -- assigned a null value. Otherwise generate a warning message and
2873 -- replace Expression (N) by an N_Constraint_Error node.
2880 when N_Component_Declaration |
2881 N_Discriminant_Specification =>
2882 Apply_Compile_Time_Constraint_Error
2889 Apply_Compile_Time_Constraint_Error
2896 Apply_Compile_Time_Constraint_Error
2909 ----------------------------------
2910 -- Conditional_Statements_Begin --
2911 ----------------------------------
2914 begin
2917 -- If stack overflows, kill all checks, that way we know to simply reset
2918 -- the number of saved checks to zero on return. This should never occur
2919 -- in practice.
2922 Kill_All_Checks;
2924 -- In the normal case, we just make a new stack entry saving the current
2925 -- number of saved checks for a later restore.
2927 else
2932 Num_Saved_Checks);
2937 --------------------------------
2938 -- Conditional_Statements_End --
2939 --------------------------------
2942 begin
2945 -- If the saved checks stack overflowed, then we killed all checks, so
2946 -- setting the number of saved checks back to zero is correct. This
2947 -- should never occur in practice.
2952 -- In the normal case, restore the number of saved checks from the top
2953 -- stack entry.
2955 else
2959 Num_Saved_Checks);
2966 ---------------------
2967 -- Determine_Range --
2968 ---------------------
2972 -- Determine size of below cache (power of 2 is more efficient!)
2978 -- The above arrays are used to implement a small direct cache for
2979 -- Determine_Range calls. Because of the way Determine_Range recursively
2980 -- traces subexpressions, and because overflow checking calls the routine
2981 -- on the way up the tree, a quadratic behavior can otherwise be
2982 -- encountered in large expressions. The cache entry for node N is stored
2983 -- in the (N mod Cache_Size) entry, and can be validated by checking the
2984 -- actual node value stored there. The Range_Cache_V array records the
2985 -- setting of Assume_Valid for the cache entry.
2987 procedure Determine_Range
2993 is
2995 -- Type to use, may get reset to base type for possibly invalid entity
2999 -- Lo and Hi bounds of left operand
3003 -- Lo and Hi bounds of right (or only) operand
3006 -- Temp variable used to hold a bound node
3009 -- High bound of base type of expression
3013 -- Refined values for low and high bounds, after tightening
3016 -- Used in lower level calls to indicate if call succeeded
3019 -- Used to search cache
3022 -- Used for binary operators. Determines the ranges of the left and
3023 -- right operands, and if they are both OK, returns True, and puts
3024 -- the results in Lo_Right, Hi_Right, Lo_Left, Hi_Left.
3026 -----------------
3027 -- OK_Operands --
3028 -----------------
3031 begin
3032 Determine_Range
3039 Determine_Range
3044 -- Start of processing for Determine_Range
3046 begin
3047 -- Prevent junk warnings by initializing range variables
3054 -- If type is not defined, we can't determine its range
3058 -- We don't deal with anything except discrete types
3062 -- Ignore type for which an error has been posted, since range in
3063 -- this case may well be a bogosity deriving from the error. Also
3064 -- ignore if error posted on the reference node.
3067 then
3072 -- For all other cases, we can determine the range
3076 -- If value is compile time known, then the possible range is the one
3077 -- value that we know this expression definitely has!
3085 -- Return if already in the cache
3090 and then
3092 then
3098 -- Otherwise, start by finding the bounds of the type of the expression,
3099 -- the value cannot be outside this range (if it is, then we have an
3100 -- overflow situation, which is a separate check, we are talking here
3101 -- only about the expression value).
3103 -- First a check, never try to find the bounds of a generic type, since
3104 -- these bounds are always junk values, and it is only valid to look at
3105 -- the bounds in an instance.
3112 -- First step, change to use base type unless we know the value is valid
3115 or else Assume_No_Invalid_Values
3116 or else Assume_Valid
3117 then
3119 else
3123 -- We use the actual bound unless it is dynamic, in which case use the
3124 -- corresponding base type bound if possible. If we can't get a bound
3125 -- then we figure we can't determine the range (a peculiar case, that
3126 -- perhaps cannot happen, but there is no point in bombing in this
3127 -- optimization circuit.
3129 -- First the low bound
3139 else
3144 -- Now the high bound
3148 -- We need the high bound of the base type later on, and this should
3149 -- always be compile time known. Again, it is not clear that this
3150 -- can ever be false, but no point in bombing.
3156 else
3161 -- If we have a static subtype, then that may have a tighter bound so
3162 -- use the upper bound of the subtype instead in this case.
3168 -- We may be able to refine this value in certain situations. If any
3169 -- refinement is possible, then Lor and Hir are set to possibly tighter
3170 -- bounds, and OK1 is set to True.
3174 -- For unary plus, result is limited by range of operand
3177 Determine_Range
3180 -- For unary minus, determine range of operand, and negate it
3183 Determine_Range
3191 -- For binary addition, get range of each operand and do the
3192 -- addition to get the result range.
3200 -- Division is tricky. The only case we consider is where the right
3201 -- operand is a positive constant, and in this case we simply divide
3202 -- the bounds of the left operand
3208 then
3212 else
3217 -- For binary subtraction, get range of each operand and do the worst
3218 -- case subtraction to get the result range.
3226 -- For MOD, if right operand is a positive constant, then result must
3227 -- be in the allowable range of mod results.
3233 then
3243 else
3248 -- For REM, if right operand is a positive constant, then result must
3249 -- be in the allowable range of mod results.
3255 then
3256 declare
3259 begin
3260 -- The sign of the result depends on the sign of the
3261 -- dividend (but not on the sign of the divisor, hence
3262 -- the abs operation above).
3266 else
3272 else
3277 else
3282 -- Attribute reference cases
3287 -- For Pos/Val attributes, we can refine the range using the
3288 -- possible range of values of the attribute expression.
3291 Determine_Range
3294 -- For Length attribute, use the bounds of the corresponding
3295 -- index type to refine the range.
3298 declare
3306 begin
3311 -- For string literal, we know exact value
3320 -- Otherwise check for expression given
3324 else
3325 Inum :=
3334 Determine_Range
3336 Assume_Valid);
3339 Determine_Range
3341 Assume_Valid);
3345 -- The maximum value for Length is the biggest
3346 -- possible gap between the values of the bounds.
3347 -- But of course, this value cannot be negative.
3351 -- For constrained arrays, the minimum value for
3352 -- Length is taken from the actual value of the
3353 -- bounds, since the index will be exactly of
3354 -- this subtype.
3359 -- For an unconstrained array, the minimum value
3360 -- for length is always zero.
3362 else
3369 -- No special handling for other attributes
3370 -- Probably more opportunities exist here ???
3377 -- For type conversion from one discrete type to another, we can
3378 -- refine the range using the converted value.
3383 -- Nothing special to do for all other expression kinds
3391 -- At this stage, if OK1 is true, then we know that the actual
3392 -- result of the computed expression is in the range Lor .. Hir.
3393 -- We can use this to restrict the possible range of results.
3397 -- If the refined value of the low bound is greater than the
3398 -- type high bound, then reset it to the more restrictive
3399 -- value. However, we do NOT do this for the case of a modular
3400 -- type where the possible upper bound on the value is above the
3401 -- base type high bound, because that means the result could wrap.
3406 then
3410 -- Similarly, if the refined value of the high bound is less
3411 -- than the value so far, then reset it to the more restrictive
3412 -- value. Again, we do not do this if the refined low bound is
3413 -- negative for a modular type, since this would wrap.
3418 then
3423 -- Set cache entry for future call and we are all done
3431 -- If any exception occurs, it means that we have some bug in the compiler
3432 -- possibly triggered by a previous error, or by some unforseen peculiar
3433 -- occurrence. However, this is only an optimization attempt, so there is
3434 -- really no point in crashing the compiler. Instead we just decide, too
3435 -- bad, we can't figure out a range in this case after all.
3437 exception
3440 -- Debug flag K disables this behavior (useful for debugging)
3444 else
3452 ------------------------------------
3453 -- Discriminant_Checks_Suppressed --
3454 ------------------------------------
3457 begin
3469 --------------------------------
3470 -- Division_Checks_Suppressed --
3471 --------------------------------
3474 begin
3477 else
3482 -----------------------------------
3483 -- Elaboration_Checks_Suppressed --
3484 -----------------------------------
3487 begin
3488 -- The complication in this routine is that if we are in the dynamic
3489 -- model of elaboration, we also check All_Checks, since All_Checks
3490 -- does not set Elaboration_Check explicitly.
3501 else
3511 else
3516 ---------------------------
3517 -- Enable_Overflow_Check --
3518 ---------------------------
3529 begin
3537 -- No check if overflow checks suppressed for type of node
3541 then
3544 -- Nothing to do for unsigned integer types, which do not overflow
3549 -- Nothing to do if the range of the result is known OK. We skip this
3550 -- for conversions, since the caller already did the check, and in any
3551 -- case the condition for deleting the check for a type conversion is
3552 -- different.
3557 -- Note in the test below that we assume that the range is not OK
3558 -- if a bound of the range is equal to that of the type. That's not
3559 -- quite accurate but we do this for the following reasons:
3561 -- a) The way that Determine_Range works, it will typically report
3562 -- the bounds of the value as being equal to the bounds of the
3563 -- type, because it either can't tell anything more precise, or
3564 -- does not think it is worth the effort to be more precise.
3566 -- b) It is very unusual to have a situation in which this would
3567 -- generate an unnecessary overflow check (an example would be
3568 -- a subtype with a range 0 .. Integer'Last - 1 to which the
3569 -- literal value one is added).
3571 -- c) The alternative is a lot of special casing in this routine
3572 -- which would partially duplicate Determine_Range processing.
3574 if OK
3577 then
3586 -- If not in optimizing mode, set flag and we are done. We are also done
3587 -- (and just set the flag) if the type is not a discrete type, since it
3588 -- is not worth the effort to eliminate checks for other than discrete
3589 -- types. In addition, we take this same path if we have stored the
3590 -- maximum number of checks possible already (a very unlikely situation,
3591 -- but we do not want to blow up!)
3596 then
3606 -- Otherwise evaluate and check the expression
3608 Find_Check
3629 -- If check is not of form to optimize, then set flag and we are done
3636 -- If check is already performed, then return without setting flag
3646 -- Here we will make a new entry for the new check
3666 -- If we get an exception, then something went wrong, probably because of
3667 -- an error in the structure of the tree due to an incorrect program. Or it
3668 -- may be a bug in the optimization circuit. In either case the safest
3669 -- thing is simply to set the check flag unconditionally.
3671 exception
3682 ------------------------
3683 -- Enable_Range_Check --
3684 ------------------------
3694 begin
3695 -- Return if unchecked type conversion with range check killed. In this
3696 -- case we never set the flag (that's what Kill_Range_Check is about!)
3700 then
3704 -- Check for various cases where we should suppress the range check
3706 -- No check if range checks suppressed for type of node
3710 then
3713 -- No check if node is an entity name, and range checks are suppressed
3714 -- for this entity, or for the type of this entity.
3719 then
3722 -- No checks if index of array, and index checks are suppressed for
3723 -- the array object or the type of the array.
3726 declare
3728 begin
3731 then
3739 -- Debug trace output
3748 -- If not in optimizing mode, set flag and we are done. We are also done
3749 -- (and just set the flag) if the type is not a discrete type, since it
3750 -- is not worth the effort to eliminate checks for other than discrete
3751 -- types. In addition, we take this same path if we have stored the
3752 -- maximum number of checks possible already (a very unlikely situation,
3753 -- but we do not want to blow up!)
3759 then
3769 -- Otherwise find out the target type
3773 -- For assignment, use left side subtype
3777 then
3780 -- For indexed component, use subscript subtype
3783 declare
3788 begin
3794 -- If the prefix is an access to an unconstrained array,
3795 -- perform check unconditionally: it depends on the bounds of
3796 -- an object and we cannot currently recognize whether the test
3797 -- may be redundant.
3804 -- Ditto if the prefix is an explicit dereference whose designated
3805 -- type is unconstrained.
3809 then
3816 loop
3827 -- For now, ignore all other cases, they are not so interesting
3829 else
3838 -- Evaluate and check the expression
3840 Find_Check
3862 -- If check is not of form to optimize, then set flag and we are done
3873 -- If check is already performed, then return without setting flag
3883 -- Here we will make a new entry for the new check
3904 -- If we get an exception, then something went wrong, probably because of
3905 -- an error in the structure of the tree due to an incorrect program. Or
3906 -- it may be a bug in the optimization circuit. In either case the safest
3907 -- thing is simply to set the check flag unconditionally.
3909 exception
3920 ------------------
3921 -- Ensure_Valid --
3922 ------------------
3927 begin
3928 -- Ignore call if we are not doing any validity checking
3933 -- Ignore call if range or validity checks suppressed on entity or type
3938 -- No check required if expression is from the expander, we assume the
3939 -- expander will generate whatever checks are needed. Note that this is
3940 -- not just an optimization, it avoids infinite recursions!
3942 -- Unchecked conversions must be checked, unless they are initialized
3943 -- scalar values, as in a component assignment in an init proc.
3945 -- In addition, we force a check if Force_Validity_Checks is set
3948 and then not Force_Validity_Checks
3951 then
3954 -- No check required if expression is known to have valid value
3959 -- Ignore case of enumeration with holes where the flag is set not to
3960 -- worry about holes, since no special validity check is needed
3964 and then Holes_OK
3965 then
3968 -- No check required on the left-hand side of an assignment
3972 then
3975 -- No check on a univeral real constant. The context will eventually
3976 -- convert it to a machine number for some target type, or report an
3977 -- illegality.
3981 then
3984 -- If the expression denotes a component of a packed boolean arrray,
3985 -- no possible check applies. We ignore the old ACATS chestnuts that
3986 -- involve Boolean range True..True.
3988 -- Note: validity checks are generated for expressions that yield a
3989 -- scalar type, when it is possible to create a value that is outside of
3990 -- the type. If this is a one-bit boolean no such value exists. This is
3991 -- an optimization, and it also prevents compiler blowing up during the
3992 -- elaboration of improperly expanded packed array references.
3997 then
4000 -- An annoying special case. If this is an out parameter of a scalar
4001 -- type, then the value is not going to be accessed, therefore it is
4002 -- inappropriate to do any validity check at the call site.
4004 else
4005 -- Only need to worry about scalar types
4008 declare
4016 begin
4017 -- Find actual argument (which may be a parameter association)
4018 -- and the parent of the actual argument (the call statement)
4028 -- Only need to worry if we are argument of a procedure call
4029 -- since functions don't have out parameters. If this is an
4030 -- indirect or dispatching call, get signature from the
4031 -- subprogram type.
4038 else
4043 -- Only need to worry if there are indeed actuals, and if
4044 -- this could be a procedure call, otherwise we cannot get a
4045 -- match (either we are not an argument, or the mode of the
4046 -- formal is not OUT). This test also filters out the
4047 -- generic case.
4051 then
4052 -- This is the loop through parameters, looking for an
4053 -- OUT parameter for which we are the argument.
4071 -- If we fall through, a validity check is required
4077 then
4082 ----------------------
4083 -- Expr_Known_Valid --
4084 ----------------------
4089 begin
4090 -- Non-scalar types are always considered valid, since they never give
4091 -- rise to the issues of erroneous or bounded error behavior that are
4092 -- the concern. In formal reference manual terms the notion of validity
4093 -- only applies to scalar types. Note that even when packed arrays are
4094 -- represented using modular types, they are still arrays semantically,
4095 -- so they are also always valid (in particular, the unused bits can be
4096 -- random rubbish without affecting the validity of the array value).
4101 -- If no validity checking, then everything is considered valid
4106 -- Floating-point types are considered valid unless floating-point
4107 -- validity checks have been specifically turned on.
4110 and then not Validity_Check_Floating_Point
4111 then
4114 -- If the expression is the value of an object that is known to be
4115 -- valid, then clearly the expression value itself is valid.
4119 then
4122 -- References to discriminants are always considered valid. The value
4123 -- of a discriminant gets checked when the object is built. Within the
4124 -- record, we consider it valid, and it is important to do so, since
4125 -- otherwise we can try to generate bogus validity checks which
4126 -- reference discriminants out of scope. Discriminants of concurrent
4127 -- types are excluded for the same reason.
4131 then
4134 -- If the type is one for which all values are known valid, then we are
4135 -- sure that the value is valid except in the slightly odd case where
4136 -- the expression is a reference to a variable whose size has been
4137 -- explicitly set to a value greater than the object size.
4143 then
4145 else
4149 -- Integer and character literals always have valid values, where
4150 -- appropriate these will be range checked in any case.
4153 or else
4155 then
4158 -- If we have a type conversion or a qualification of a known valid
4159 -- value, then the result will always be valid.
4162 or else
4164 then
4167 -- The result of any operator is always considered valid, since we
4168 -- assume the necessary checks are done by the operator. For operators
4169 -- on floating-point operations, we must also check when the operation
4170 -- is the right-hand side of an assignment, or is an actual in a call.
4174 and then Validity_Check_Floating_Point
4175 and then
4179 then
4181 else
4185 -- The result of a membership test is always valid, since it is true or
4186 -- false, there are no other possibilities.
4191 -- For all other cases, we do not know the expression is valid
4193 else
4198 ----------------
4199 -- Find_Check --
4200 ----------------
4202 procedure Find_Check
4210 is
4211 function Within_Range_Of
4214 -- Given a requirement for checking a range against Target_Type, and
4215 -- and a range Check_Type against which a check has already been made,
4216 -- determines if the check against check type is sufficient to ensure
4217 -- that no check against Target_Type is required.
4219 ---------------------
4220 -- Within_Range_Of --
4221 ---------------------
4223 function Within_Range_Of
4226 is
4227 begin
4231 else
4232 declare
4238 begin
4241 and then
4243 and then
4245 and then
4248 and then
4250 and then
4252 then
4254 else
4261 -- Start of processing for Find_Check
4263 begin
4264 -- Establish default, in case no entry is found
4268 -- Case of expression is simple entity reference
4274 -- Case of expression is entity + known constant
4279 then
4283 -- Case of expression is entity - known constant
4288 then
4292 -- Any other expression is not of the right form
4294 else
4301 -- Come here with expression of appropriate form, check if entity is an
4302 -- appropriate one for our purposes.
4307 then
4309 else
4314 -- See if there is matching check already
4317 declare
4320 begin
4326 then
4333 -- If we fall through entry was not found
4338 ---------------------------------
4339 -- Generate_Discriminant_Check --
4340 ---------------------------------
4342 -- Note: the code for this procedure is derived from the
4343 -- Emit_Discriminant_Check Routine in trans.c.
4352 -- The original component to be checked
4356 -- The discriminant checking function
4359 -- One discriminant to be checked in the type
4362 -- Actual discriminant in the call
4365 -- Type of relevant prefix (ignoring private/access stuff)
4368 -- List of arguments for function call
4371 -- Keep track of the formal corresponding to the actual we build for
4372 -- each discriminant, in order to be able to perform the necessary type
4373 -- conversions.
4376 -- Selected component reference for checking function argument
4378 begin
4381 -- Force evaluation of the prefix, so that it does not get evaluated
4382 -- twice (once for the check, once for the actual reference). Such a
4383 -- double evaluation is always a potential source of inefficiency,
4384 -- and is functionally incorrect in the volatile case, or when the
4385 -- prefix may have side-effects. An entity or a component of an
4386 -- entity requires no evaluation.
4398 then
4401 else
4405 -- For a tagged type, use the scope of the original component to
4406 -- obtain the type, because ???
4411 -- For an untagged derived type, use the discriminants of the parent
4412 -- which have been renamed in the derivation, possibly by a one-to-many
4413 -- discriminant constraint. For non-tagged type, initially get the Etype
4414 -- of the prefix
4416 else
4420 then
4425 -- We definitely should have a checking function, This routine should
4426 -- not be called if no discriminant checking function is present.
4430 -- Create the list of the actual parameters for the call. This list
4431 -- is the list of the discriminant fields of the record expression to
4432 -- be discriminant checked.
4439 -- If we have a corresponding discriminant field, and a parent
4440 -- subtype is present, then we want to use the corresponding
4441 -- discriminant since this is the one with the useful value.
4446 then
4448 else
4452 -- Construct the reference to the discriminant
4454 Scomp :=
4456 Prefix =>
4461 -- Manually analyze and resolve this selected component. We really
4462 -- want it just as it appears above, and do not want the expander
4463 -- playing discriminal games etc with this reference. Then we append
4464 -- the argument to the list we are gathering.
4474 -- Now build and insert the call
4478 Condition =>
4485 ---------------------------
4486 -- Generate_Index_Checks --
4487 ---------------------------
4496 begin
4497 -- Ignore call if index checks suppressed for array object or type
4501 then
4505 -- Generate the checks
4513 -- Force evaluation except for the case of a simple name of a
4514 -- non-volatile entity.
4518 then
4522 -- Generate a raise of constraint error with the appropriate
4523 -- reason and a condition of the form:
4525 -- Base_Type(Sub) not in array'range (subscript)
4527 -- Note that the reason we generate the conversion to the base
4528 -- type here is that we definitely want the range check to take
4529 -- place, even if it looks like the subtype is OK. Optimization
4530 -- considerations that allow us to omit the check have already
4531 -- been taken into account in the setting of the Do_Range_Check
4532 -- flag earlier on.
4536 else
4542 Condition =>
4544 Left_Opnd =>
4547 Right_Opnd =>
4549 Prefix =>
4561 --------------------------
4562 -- Generate_Range_Check --
4563 --------------------------
4565 procedure Generate_Range_Check
4569 is
4575 begin
4576 -- First special case, if the source type is already within the range
4577 -- of the target type, then no check is needed (probably we should have
4578 -- stopped Do_Range_Check from being set in the first place, but better
4579 -- late than later in preventing junk code!
4581 -- We do NOT apply this if the source node is a literal, since in this
4582 -- case the literal has already been labeled as having the subtype of
4583 -- the target.
4586 and then not
4588 or else
4590 or else
4592 or else
4595 then
4599 -- We need a check, so force evaluation of the node, so that it does
4600 -- not get evaluated twice (once for the check, once for the actual
4601 -- reference). Such a double evaluation is always a potential source
4602 -- of inefficiency, and is functionally incorrect in the volatile case.
4606 then
4610 -- The easiest case is when Source_Base_Type and Target_Base_Type are
4611 -- the same since in this case we can simply do a direct check of the
4612 -- value of N against the bounds of Target_Type.
4614 -- [constraint_error when N not in Target_Type]
4616 -- Note: this is by far the most common case, for example all cases of
4617 -- checks on the RHS of assignments are in this category, but not all
4618 -- cases are like this. Notably conversions can involve two types.
4623 Condition =>
4629 -- Next test for the case where the target type is within the bounds
4630 -- of the base type of the source type, since in this case we can
4631 -- simply convert these bounds to the base type of T to do the test.
4633 -- [constraint_error when N not in
4634 -- Source_Base_Type (Target_Type'First)
4635 -- ..
4636 -- Source_Base_Type(Target_Type'Last))]
4638 -- The conversions will always work and need no check
4640 -- Unchecked_Convert_To is used instead of Convert_To to handle the case
4641 -- of converting from an enumeration value to an integer type, such as
4642 -- occurs for the case of generating a range check on Enum'Val(Exp)
4643 -- (which used to be handled by gigi). This is OK, since the conversion
4644 -- itself does not require a check.
4649 Condition =>
4653 Right_Opnd =>
4655 Low_Bound =>
4658 Prefix =>
4662 High_Bound =>
4665 Prefix =>
4670 -- Note that at this stage we now that the Target_Base_Type is not in
4671 -- the range of the Source_Base_Type (since even the Target_Type itself
4672 -- is not in this range). It could still be the case that Source_Type is
4673 -- in range of the target base type since we have not checked that case.
4675 -- If that is the case, we can freely convert the source to the target,
4676 -- and then test the target result against the bounds.
4680 -- We make a temporary to hold the value of the converted value
4681 -- (converted to the base type), and then we will do the test against
4682 -- this temporary.
4684 -- Tnn : constant Target_Base_Type := Target_Base_Type (N);
4685 -- [constraint_error when Tnn not in Target_Type]
4687 -- Then the conversion itself is replaced by an occurrence of Tnn
4689 declare
4694 begin
4698 Object_Definition =>
4701 Expression =>
4707 Condition =>
4716 -- Set the type of N, because the declaration for Tnn might not
4717 -- be analyzed yet, as is the case if N appears within a record
4718 -- declaration, as a discriminant constraint or expression.
4723 -- At this stage, we know that we have two scalar types, which are
4724 -- directly convertible, and where neither scalar type has a base
4725 -- range that is in the range of the other scalar type.
4727 -- The only way this can happen is with a signed and unsigned type.
4728 -- So test for these two cases:
4730 else
4731 -- Case of the source is unsigned and the target is signed
4735 then
4736 -- If the source is unsigned and the target is signed, then we
4737 -- know that the source is not shorter than the target (otherwise
4738 -- the source base type would be in the target base type range).
4740 -- In other words, the unsigned type is either the same size as
4741 -- the target, or it is larger. It cannot be smaller.
4743 pragma Assert
4746 -- We only need to check the low bound if the low bound of the
4747 -- target type is non-negative. If the low bound of the target
4748 -- type is negative, then we know that we will fit fine.
4750 -- If the high bound of the target type is negative, then we
4751 -- know we have a constraint error, since we can't possibly
4752 -- have a negative source.
4754 -- With these two checks out of the way, we can do the check
4755 -- using the source type safely
4757 -- This is definitely the most annoying case!
4759 -- [constraint_error
4760 -- when (Target_Type'First >= 0
4761 -- and then
4762 -- N < Source_Base_Type (Target_Type'First))
4763 -- or else Target_Type'Last < 0
4764 -- or else N > Source_Base_Type (Target_Type'Last)];
4766 -- We turn off all checks since we know that the conversions
4767 -- will work fine, given the guards for negative values.
4771 Condition =>
4774 Left_Opnd =>
4777 Left_Opnd =>
4779 Prefix =>
4784 Right_Opnd =>
4787 Right_Opnd =>
4790 Prefix =>
4794 Right_Opnd =>
4796 Left_Opnd =>
4802 Right_Opnd =>
4805 Right_Opnd =>
4814 -- Only remaining possibility is that the source is signed and
4815 -- the target is unsigned.
4817 else
4821 -- If the source is signed and the target is unsigned, then we
4822 -- know that the target is not shorter than the source (otherwise
4823 -- the target base type would be in the source base type range).
4825 -- In other words, the unsigned type is either the same size as
4826 -- the target, or it is larger. It cannot be smaller.
4828 -- Clearly we have an error if the source value is negative since
4829 -- no unsigned type can have negative values. If the source type
4830 -- is non-negative, then the check can be done using the target
4831 -- type.
4833 -- Tnn : constant Target_Base_Type (N) := Target_Type;
4835 -- [constraint_error
4836 -- when N < 0 or else Tnn not in Target_Type];
4838 -- We turn off all checks for the conversion of N to the target
4839 -- base type, since we generate the explicit check to ensure that
4840 -- the value is non-negative
4842 declare
4847 begin
4851 Object_Definition =>
4854 Expression =>
4856 Subtype_Mark =>
4861 Condition =>
4863 Left_Opnd =>
4868 Right_Opnd =>
4871 Right_Opnd =>
4877 -- Set the Etype explicitly, because Insert_Actions may have
4878 -- placed the declaration in the freeze list for an enclosing
4879 -- construct, and thus it is not analyzed yet.
4888 ------------------
4889 -- Get_Check_Id --
4890 ------------------
4893 begin
4894 -- For standard check name, we can do a direct computation
4899 -- For non-standard names added by pragma Check_Name, search table
4901 else
4909 -- No matching name found
4914 ---------------------
4915 -- Get_Discriminal --
4916 ---------------------
4923 begin
4924 -- The bound can be a bona fide parameter of a protected operation,
4925 -- rather than a prival encoded as an in-parameter.
4931 -- Climb the scope stack looking for an enclosing protected type. If
4932 -- we run out of scopes, return the bound itself.
4958 ----------------------
4959 -- Get_Range_Checks --
4960 ----------------------
4962 function Get_Range_Checks
4967 is
4968 begin
4969 return Selected_Range_Checks
4973 ------------------
4974 -- Guard_Access --
4975 ------------------
4977 function Guard_Access
4981 is
4982 begin
4989 else
4990 return
4992 Left_Opnd =>
5000 -----------------------------
5001 -- Index_Checks_Suppressed --
5002 -----------------------------
5005 begin
5008 else
5013 ----------------
5014 -- Initialize --
5015 ----------------
5018 begin
5030 -------------------------
5031 -- Insert_Range_Checks --
5032 -------------------------
5034 procedure Insert_Range_Checks
5041 is
5048 or else
5051 begin
5052 -- For now we just return if Checks_On is false, however this should be
5053 -- enhanced to check for an always True value in the condition and to
5054 -- generate a compilation warning???
5073 then
5080 else
5087 else
5088 Check_Node :=
5095 else
5102 ------------------------
5103 -- Insert_Valid_Check --
5104 ------------------------
5110 begin
5111 -- Do not insert if checks off, or if not checking validity or
5112 -- if expression is known to be valid
5114 if not Validity_Checks_On
5117 then
5121 -- If we have a checked conversion, then validity check applies to
5122 -- the expression inside the conversion, not the result, since if
5123 -- the expression inside is valid, then so is the conversion result.
5130 -- We are about to insert the validity check for Exp. We save and
5131 -- reset the Do_Range_Check flag over this validity check, and then
5132 -- put it back for the final original reference (Exp may be rewritten).
5134 declare
5137 begin
5140 -- Force evaluation to avoid multiple reads for atomic/volatile
5144 then
5148 -- Insert the validity check. Note that we do this with validity
5149 -- checks turned off, to avoid recursion, we do not want validity
5150 -- checks on the validity checking code itself!
5152 Insert_Action
5155 Condition =>
5157 Right_Opnd =>
5159 Prefix =>
5165 -- If the expression is a a reference to an element of a bit-packed
5166 -- array, then it is rewritten as a renaming declaration. If the
5167 -- expression is an actual in a call, it has not been expanded,
5168 -- waiting for the proper point at which to do it. The same happens
5169 -- with renamings, so that we have to force the expansion now. This
5170 -- non-local complication is due to code in exp_ch2,adb, exp_ch4.adb
5171 -- and exp_ch6.adb.
5175 N_Object_Renaming_Declaration
5176 then
5177 declare
5179 begin
5182 then
5188 -- Put back the Do_Range_Check flag on the resulting (possibly
5189 -- rewritten) expression.
5191 -- Note: it might be thought that a validity check is not required
5192 -- when a range check is present, but that's not the case, because
5193 -- the back end is allowed to assume for the range check that the
5194 -- operand is within its declared range (an assumption that validity
5195 -- checking is all about NOT assuming!)
5197 -- Note: no need to worry about Possible_Local_Raise here, it will
5198 -- already have been called if original node has Do_Range_Check set.
5204 ----------------------------------
5205 -- Install_Null_Excluding_Check --
5206 ----------------------------------
5213 -- Determines if it is safe to capture Known_Non_Null status for an
5214 -- the entity referenced by node N. The caller ensures that N is indeed
5215 -- an entity name. It is safe to capture the non-null status for an IN
5216 -- parameter when the reference occurs within a declaration that is sure
5217 -- to be executed as part of the declarative region.
5220 -- After installation of check, if the node in question is an entity
5221 -- name, then mark this entity as non-null if possible.
5228 begin
5233 -- Two initial context checks. We must be inside a subprogram body
5234 -- with declarations and reference must not appear in nested scopes.
5238 then
5246 then
5250 declare
5254 begin
5255 -- Retrieve the declaration node of N (if any). Note that N
5256 -- may be a part of a complex initialization expression.
5262 -- If we have a short circuit form, and we are within the right
5263 -- hand expression, we return false, since the right hand side
5264 -- is not guaranteed to be elaborated.
5268 then
5272 -- Similarly, if we are in a conditional expression and not
5273 -- part of the condition, then we return False, since neither
5274 -- the THEN or ELSE expressions will always be elaborated.
5278 then
5282 -- While traversing the parent chain, we find that N
5283 -- belongs to a statement, thus it may never appear in
5284 -- a declarative region.
5288 then
5292 -- If we are at a declaration, record it and exit
5296 then
5312 -------------------
5313 -- Mark_Non_Null --
5314 -------------------
5317 begin
5318 -- Only case of interest is if node N is an entity name
5322 -- For sure, we want to clear an indication that this is known to
5323 -- be null, since if we get past this check, it definitely is not!
5327 -- We can mark the entity as known to be non-null if either it is
5328 -- safe to capture the value, or in the case of an IN parameter,
5329 -- which is a constant, if the check we just installed is in the
5330 -- declarative region of the subprogram body. In this latter case,
5331 -- a check is decisive for the rest of the body if the expression
5332 -- is sure to be elaborated, since we know we have to elaborate
5333 -- all declarations before executing the body.
5335 -- Couldn't this always be part of Safe_To_Capture_Value ???
5338 or else Safe_To_Capture_In_Parameter_Value
5339 then
5345 -- Start of processing for Install_Null_Excluding_Check
5347 begin
5350 -- No check inside a generic (why not???)
5356 -- No check needed if known to be non-null
5362 -- If known to be null, here is where we generate a compile time check
5366 -- Avoid generating warning message inside init procs
5369 Apply_Compile_Time_Constraint_Error
5372 CE_Access_Check_Failed);
5373 else
5379 Mark_Non_Null;
5383 -- If entity is never assigned, for sure a warning is appropriate
5389 -- No check needed if checks are suppressed on the range. Note that we
5390 -- don't set Is_Known_Non_Null in this case (we could legitimately do
5391 -- so, since the program is erroneous, but we don't like to casually
5392 -- propagate such conclusions from erroneosity).
5398 -- No check needed for access to concurrent record types generated by
5399 -- the expander. This is not just an optimization (though it does indeed
5400 -- remove junk checks). It also avoids generation of junk warnings.
5404 and then Is_Concurrent_Record_Type
5406 then
5410 -- Otherwise install access check
5414 Condition =>
5420 Mark_Non_Null;
5423 --------------------------
5424 -- Install_Static_Check --
5425 --------------------------
5431 begin
5440 -- Now deal with possible local raise handling
5445 ---------------------
5446 -- Kill_All_Checks --
5447 ---------------------
5450 begin
5455 -- We reset the number of saved checks to zero, and also modify all
5456 -- stack entries for statement ranges to indicate that the number of
5457 -- checks at each level is now zero.
5461 -- Note: the Int'Min here avoids any possibility of J being out of
5462 -- range when called from e.g. Conditional_Statements_Begin.
5469 -----------------
5470 -- Kill_Checks --
5471 -----------------
5474 begin
5490 ------------------------------
5491 -- Length_Checks_Suppressed --
5492 ------------------------------
5495 begin
5498 else
5503 --------------------------------
5504 -- Overflow_Checks_Suppressed --
5505 --------------------------------
5508 begin
5511 else
5516 -----------------------------
5517 -- Range_Checks_Suppressed --
5518 -----------------------------
5521 begin
5524 -- Note: for now we always suppress range checks on Vax float types,
5525 -- since Gigi does not know how to generate these checks.
5539 -----------------------------------------
5540 -- Range_Or_Validity_Checks_Suppressed --
5541 -----------------------------------------
5543 -- Note: the coding would be simpler here if we simply made appropriate
5544 -- calls to Range/Validity_Checks_Suppressed, but that would result in
5545 -- duplicated checks which we prefer to avoid.
5547 function Range_Or_Validity_Checks_Suppressed
5549 is
5550 begin
5551 -- Immediate return if scope checks suppressed for either check
5557 -- If no expression, that's odd, decide that checks are suppressed,
5558 -- since we don't want anyone trying to do checks in this case, which
5559 -- is most likely the result of some other error.
5565 -- Expression is present, so perform suppress checks on type
5567 declare
5569 begin
5574 or else
5576 then
5581 -- If expression is an entity name, perform checks on this entity
5584 declare
5586 begin
5594 -- If we fall through, no checks suppressed
5599 -------------------
5600 -- Remove_Checks --
5601 -------------------
5605 -- Process a single node during the traversal
5608 -- The traversal procedure itself
5610 -------------
5611 -- Process --
5612 -------------
5615 begin
5678 -- Start of processing for Remove_Checks
5680 begin
5684 ----------------------------
5685 -- Selected_Length_Checks --
5686 ----------------------------
5688 function Selected_Length_Checks
5693 is
5706 -- Adds the action given to Ret_Result if N is non-Empty
5710 -- Comments required ???
5713 -- True for equal literals and for nodes that denote the same constant
5714 -- entity, even if its value is not a static constant. This includes the
5715 -- case of a discriminal reference within an init proc. Removes some
5716 -- obviously superfluous checks.
5718 function Length_E_Cond
5722 -- Returns expression to compute:
5723 -- Typ'Length /= Exptyp'Length
5725 function Length_N_Cond
5729 -- Returns expression to compute:
5730 -- Typ'Length /= Expr'Length
5732 ---------------
5733 -- Add_Check --
5734 ---------------
5737 begin
5740 -- For now, ignore attempt to place more than 2 checks ???
5752 ------------------
5753 -- Get_E_Length --
5754 ------------------
5761 begin
5764 then
5774 return
5782 and then not Inside_Init_Proc
5783 then
5784 -- If the type whose length is needed is a private component
5785 -- constrained by a discriminant, we must expand the 'Length
5786 -- attribute into an explicit computation, using the discriminal
5787 -- of the current protected operation. This is because the actual
5788 -- type of the prival is constructed after the protected opera-
5789 -- tion has been fully expanded.
5791 declare
5797 begin
5808 then
5815 then
5829 N :=
5831 Left_Opnd =>
5839 else
5840 N :=
5843 Prefix =>
5855 else
5856 N :=
5859 Prefix =>
5871 ------------------
5872 -- Get_N_Length --
5873 ------------------
5876 begin
5877 return
5880 Prefix =>
5886 -------------------
5887 -- Length_E_Cond --
5888 -------------------
5890 function Length_E_Cond
5894 is
5895 begin
5896 return
5902 -------------------
5903 -- Length_N_Cond --
5904 -------------------
5906 function Length_N_Cond
5910 is
5911 begin
5912 return
5918 -----------------
5919 -- Same_Bounds --
5920 -----------------
5923 begin
5924 return
5929 or else
5934 or else
5939 or else
5946 or else
5954 -- Start of processing for Selected_Length_Checks
5956 begin
5964 then
5976 else
5989 -- A simple optimization for the null case
5999 -- The checking code to be generated will freeze the
6000 -- corresponding array type. However, we must freeze the
6001 -- type now, so that the freeze node does not appear within
6002 -- the generated condional expression, but ahead of it.
6013 -- String_Literal case. This needs to be handled specially be-
6014 -- cause no index types are available for string literals. The
6015 -- condition is simply:
6017 -- T_Typ'Length = string-literal-length
6021 then
6022 Cond :=
6025 Right_Opnd =>
6027 Intval =>
6030 -- General array case. Here we have a usable actual subtype for
6031 -- the expression, and the condition is built from the two types
6032 -- (Do_Length):
6034 -- T_Typ'Length /= Exptyp'Length or else
6035 -- T_Typ'Length (2) /= Exptyp'Length (2) or else
6036 -- T_Typ'Length (3) /= Exptyp'Length (3) or else
6037 -- ...
6040 declare
6053 begin
6054 -- At the library level, we need to ensure that the type of
6055 -- the object is elaborated before the check itself is
6056 -- emitted. This is only done if the object is in the
6057 -- current compilation unit, otherwise the type is frozen
6058 -- and elaborated in its unit.
6061 and then
6063 and then
6066 then
6077 or else
6079 then
6083 -- Deal with compile time length check. Note that we
6084 -- skip this in the access case, because the access
6085 -- value may be null, so we cannot know statically.
6087 if not Do_Access
6092 then
6096 else
6103 else
6108 Add_Check
6109 (Compile_Time_Constraint_Error
6113 Add_Check
6114 (Compile_Time_Constraint_Error
6118 -- The comparison for an individual index subtype
6119 -- is omitted if the corresponding index subtypes
6120 -- statically match, since the result is known to
6121 -- be true. Note that this test is worth while even
6122 -- though we do static evaluation, because non-static
6123 -- subtypes can statically match.
6125 elsif not
6126 Subtypes_Statically_Match
6129 and then not
6132 then
6133 Evolve_Or_Else
6143 -- Handle cases where we do not get a usable actual subtype that
6144 -- is constrained. This happens for example in the function call
6145 -- and explicit dereference cases. In these cases, we have to get
6146 -- the length or range from the expression itself, making sure we
6147 -- do not evaluate it more than once.
6149 -- Here Ck_Node is the original expression, or more properly the
6150 -- result of applying Duplicate_Expr to the original tree, forcing
6151 -- the result to be a name.
6153 else
6154 declare
6157 begin
6158 -- Build the condition for the explicit dereference case
6161 Evolve_Or_Else
6169 -- Construct the test and insert into the tree
6176 Add_Check
6185 ---------------------------
6186 -- Selected_Range_Checks --
6187 ---------------------------
6189 function Selected_Range_Checks
6194 is
6207 -- Adds the action given to Ret_Result if N is non-Empty
6209 function Discrete_Range_Cond
6212 -- Returns expression to compute:
6213 -- Low_Bound (Expr) < Typ'First
6214 -- or else
6215 -- High_Bound (Expr) > Typ'Last
6217 function Discrete_Expr_Cond
6220 -- Returns expression to compute:
6221 -- Expr < Typ'First
6222 -- or else
6223 -- Expr > Typ'Last
6225 function Get_E_First_Or_Last
6229 -- Returns expression to compute:
6230 -- E'First or E'Last
6234 -- Returns expression to compute:
6235 -- N'First or N'Last using Duplicate_Subexpr_No_Checks
6237 function Range_E_Cond
6242 -- Returns expression to compute:
6243 -- Exptyp'First < Typ'First or else Exptyp'Last > Typ'Last
6245 function Range_Equal_E_Cond
6249 -- Returns expression to compute:
6250 -- Exptyp'First /= Typ'First or else Exptyp'Last /= Typ'Last
6252 function Range_N_Cond
6256 -- Return expression to compute:
6257 -- Expr'First < Typ'First or else Expr'Last > Typ'Last
6259 ---------------
6260 -- Add_Check --
6261 ---------------
6264 begin
6267 -- For now, ignore attempt to place more than 2 checks ???
6279 -------------------------
6280 -- Discrete_Expr_Cond --
6281 -------------------------
6283 function Discrete_Expr_Cond
6286 is
6287 begin
6288 return
6290 Left_Opnd =>
6292 Left_Opnd =>
6295 Right_Opnd =>
6299 Right_Opnd =>
6301 Left_Opnd =>
6304 Right_Opnd =>
6305 Convert_To
6310 -------------------------
6311 -- Discrete_Range_Cond --
6312 -------------------------
6314 function Discrete_Range_Cond
6317 is
6324 begin
6327 then
6333 then
6337 Left_Opnd :=
6339 Left_Opnd =>
6340 Convert_To
6343 Right_Opnd =>
6344 Convert_To
6351 and then
6354 then
6358 then
6362 else
6365 then
6371 Right_Opnd :=
6373 Left_Opnd =>
6374 Convert_To
6377 Right_Opnd =>
6378 Convert_To
6385 -------------------------
6386 -- Get_E_First_Or_Last --
6387 -------------------------
6389 function Get_E_First_Or_Last
6393 is
6399 begin
6407 else
6419 else
6426 else
6432 then
6433 -- If this is a task discriminant, and we are the body, we must
6434 -- retrieve the corresponding body discriminal. This is another
6435 -- consequence of the early creation of discriminals, and the
6436 -- need to generate constraint checks before their declarations
6437 -- are made visible.
6440 declare
6442 Corresponding_Concurrent_Type
6446 begin
6449 then
6450 -- Find discriminant of original task, and use its
6451 -- current discriminal, which is the renaming within
6452 -- the task body.
6464 -- That loop should always succeed in finding a matching
6465 -- entry and returning. Fatal error if not.
6469 else
6470 return
6474 else
6480 and then not Inside_Init_Proc
6481 then
6487 -- Case of a bound rewritten to an N_Raise_Constraint_Error node
6488 -- because it is an out-of-range value. Duplicate_Subexpr cannot be
6489 -- called on this node because an N_Raise_Constraint_Error is not
6490 -- side effect free, and we may not assume that we are in the proper
6491 -- context to remove side effects on it at the point of reference.
6496 else
6501 -----------------
6502 -- Get_N_First --
6503 -----------------
6506 begin
6507 return
6510 Prefix =>
6516 ----------------
6517 -- Get_N_Last --
6518 ----------------
6521 begin
6522 return
6525 Prefix =>
6531 ------------------
6532 -- Range_E_Cond --
6533 ------------------
6535 function Range_E_Cond
6539 is
6540 begin
6541 return
6543 Left_Opnd =>
6548 Right_Opnd =>
6554 ------------------------
6555 -- Range_Equal_E_Cond --
6556 ------------------------
6558 function Range_Equal_E_Cond
6562 is
6563 begin
6564 return
6566 Left_Opnd =>
6570 Right_Opnd =>
6576 ------------------
6577 -- Range_N_Cond --
6578 ------------------
6580 function Range_N_Cond
6584 is
6585 begin
6586 return
6588 Left_Opnd =>
6593 Right_Opnd =>
6599 -- Start of processing for Selected_Range_Checks
6601 begin
6609 then
6621 else
6629 -- The order of evaluating T_Typ before S_Typ seems to be critical
6630 -- because S_Typ can be derived from Etype (Ck_Node), if it's not passed
6631 -- in, and since Node can be an N_Range node, it might be invalid.
6632 -- Should there be an assert check somewhere for taking the Etype of
6633 -- an N_Range node ???
6640 -- A simple optimization for the null case
6647 -- For an N_Range Node, check for a null range and then if not
6648 -- null generate a range check action.
6652 -- There's no point in checking a range against itself
6658 declare
6673 begin
6674 -- Compute what is known at compile time
6680 -- There's no point in checking that a bound is within its
6681 -- own range so pretend that it is known in this case. First
6682 -- deal with low bound.
6686 then
6690 else
6694 -- Likewise for the high bound
6701 then
6705 else
6710 -- Check for case where everything is static and we can do the
6711 -- check at compile time. This is skipped if we have an access
6712 -- type, since the access value may be null.
6714 -- ??? This code can be improved since you only need to know that
6715 -- the two respective bounds (LB & T_LB or HB & T_HB) are known at
6716 -- compile time to emit pertinent messages.
6719 and not Do_Access
6720 then
6721 -- Floating-point case
6725 Out_Of_Range_L :=
6727 or else
6730 Out_Of_Range_H :=
6732 or else
6735 -- Fixed or discrete type case
6737 else
6739 Out_Of_Range_L :=
6741 or else
6744 Out_Of_Range_H :=
6746 or else
6753 Add_Check
6754 (Compile_Time_Constraint_Error
6758 else
6759 Add_Check
6760 (Compile_Time_Constraint_Error
6768 Add_Check
6769 (Compile_Time_Constraint_Error
6773 else
6774 Add_Check
6775 (Compile_Time_Constraint_Error
6782 else
6783 declare
6787 begin
6788 -- If either bound is a discriminant and we are within the
6789 -- record declaration, it is a use of the discriminant in a
6790 -- constraint of a component, and nothing can be checked
6791 -- here. The check will be emitted within the init proc.
6792 -- Before then, the discriminal has no real meaning.
6793 -- Similarly, if the entity is a discriminal, there is no
6794 -- check to perform yet.
6796 -- The same holds within a discriminated synchronized type,
6797 -- where the discriminant may constrain a component or an
6798 -- entry family.
6802 then
6806 then
6808 else
6809 LB :=
6816 then
6820 then
6822 else
6823 HB :=
6831 Cond :=
6833 Left_Opnd =>
6844 -- This somewhat duplicates what Apply_Scalar_Range_Check does,
6845 -- except the above simply sets a flag in the node and lets
6846 -- gigi generate the check base on the Etype of the expression.
6847 -- Sometimes, however we want to do a dynamic check against an
6848 -- arbitrary target type, so we do that here.
6853 -- For literals, we can tell if the constraint error will be
6854 -- raised at compile time, so we never need a dynamic check, but
6855 -- if the exception will be raised, then post the usual warning,
6856 -- and replace the literal with a raise constraint error
6857 -- expression. As usual, skip this for access types
6860 and then not Do_Access
6861 then
6862 declare
6871 begin
6872 -- Following range tests should use Sem_Eval routine ???
6876 Out_Of_Range :=
6878 or else
6881 -- Fixed or discrete type
6883 else
6884 Out_Of_Range :=
6886 or else
6890 -- Bounds of the type are static and the literal is out of
6891 -- range so output a warning message.
6895 Add_Check
6896 (Compile_Time_Constraint_Error
6900 else
6901 Add_Check
6902 (Compile_Time_Constraint_Error
6908 else
6913 -- Here for the case of a non-static expression, we need a runtime
6914 -- check unless the source type range is guaranteed to be in the
6915 -- range of the target type.
6917 else
6934 -- String_Literal case. This needs to be handled specially be-
6935 -- cause no index types are available for string literals. The
6936 -- condition is simply:
6938 -- T_Typ'Length = string-literal-length
6943 -- General array case. Here we have a usable actual subtype for
6944 -- the expression, and the condition is built from the two types
6946 -- T_Typ'First < Exptyp'First or else
6947 -- T_Typ'Last > Exptyp'Last or else
6948 -- T_Typ'First(1) < Exptyp'First(1) or else
6949 -- T_Typ'Last(1) > Exptyp'Last(1) or else
6950 -- ...
6953 declare
6959 begin
6965 or else
6967 then
6968 -- Deal with compile time length check. Note that we
6969 -- skip this in the access case, because the access
6970 -- value may be null, so we cannot know statically.
6972 if not
6973 Subtypes_Statically_Match
6975 then
6976 -- If the target type is constrained then we
6977 -- have to check for exact equality of bounds
6978 -- (required for qualified expressions).
6981 Evolve_Or_Else
6984 else
6985 Evolve_Or_Else
6996 -- Handle cases where we do not get a usable actual subtype that
6997 -- is constrained. This happens for example in the function call
6998 -- and explicit dereference cases. In these cases, we have to get
6999 -- the length or range from the expression itself, making sure we
7000 -- do not evaluate it more than once.
7002 -- Here Ck_Node is the original expression, or more properly the
7003 -- result of applying Duplicate_Expr to the original tree,
7004 -- forcing the result to be a name.
7006 else
7007 declare
7010 begin
7011 -- Build the condition for the explicit dereference case
7014 Evolve_Or_Else
7020 else
7021 -- For a conversion to an unconstrained array type, generate an
7022 -- Action to check that the bounds of the source value are within
7023 -- the constraints imposed by the target type (RM 4.6(38)). No
7024 -- check is needed for a conversion to an access to unconstrained
7025 -- array type, as 4.6(24.15/2) requires the designated subtypes
7026 -- of the two access types to statically match.
7029 and then not Do_Access
7030 then
7031 declare
7036 begin
7041 -- If the index is a range, use its bounds. If it is an
7042 -- entity (as will be the case if it is a named subtype
7043 -- or an itype created for a slice) retrieve its range.
7047 then
7049 else
7054 if Is_In_Range
7057 and then
7058 Is_In_Range
7061 then
7064 -- If null range, no check needed
7066 elsif
7068 and then
7070 and then
7073 then
7076 elsif Is_Out_Of_Range
7079 or else
7080 Is_Out_Of_Range
7083 then
7084 Add_Check
7085 (Compile_Time_Constraint_Error
7088 else
7089 Evolve_Or_Else
7091 Discrete_Range_Cond
7104 -- Construct the test and insert into the tree
7111 Add_Check
7120 -------------------------------
7121 -- Storage_Checks_Suppressed --
7122 -------------------------------
7125 begin
7128 else
7133 ---------------------------
7134 -- Tag_Checks_Suppressed --
7135 ---------------------------
7138 begin
7150 --------------------------
7151 -- Validity_Check_Range --
7152 --------------------------
7155 begin
7164 --------------------------------
7165 -- Validity_Checks_Suppressed --
7166 --------------------------------
7169 begin
7172 else