| blob | 69cece95361865ec2f6cb8a72679ffb7085baba6 |
1 ------------------------------------------------------------------------------
2 -- --
3 -- GNAT COMPILER COMPONENTS --
4 -- --
5 -- C O N T R A C T S --
6 -- --
7 -- B o d y --
8 -- --
9 -- Copyright (C) 2015-2018, Free Software Foundation, Inc. --
10 -- --
11 -- GNAT is free software; you can redistribute it and/or modify it under --
12 -- terms of the GNU General Public License as published by the Free Soft- --
13 -- ware Foundation; either version 3, or (at your option) any later ver- --
14 -- sion. GNAT is distributed in the hope that it will be useful, but WITH- --
15 -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --
16 -- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --
17 -- for more details. You should have received a copy of the GNU General --
18 -- Public License distributed with GNAT; see file COPYING3. If not, go to --
19 -- http://www.gnu.org/licenses for a complete copy of the license. --
20 -- --
21 -- GNAT was originally developed by the GNAT team at New York University. --
22 -- Extensive contributions were provided by Ada Core Technologies Inc. --
23 -- --
24 ------------------------------------------------------------------------------
57 -- Analyze all delayed pragmas chained on the contract of package
58 -- instantiation Inst_Id as if they appear at the end of a declarative
59 -- region. The pragmas in question are:
60 --
61 -- Part_Of
64 -- (CodePeer): Subsidiary procedure to Analyze_Contracts which builds the
65 -- contract-only subprogram body of eligible subprograms found in L, adds
66 -- them to their corresponding list of declarations, and analyzes them.
69 -- Expand the contracts of a subprogram body and its correspoding spec (if
70 -- any). This routine processes all [refined] pre- and postconditions as
71 -- well as Contract_Cases, invariants and predicates. Body_Id denotes the
72 -- entity of the subprogram body.
74 -----------------------
75 -- Add_Contract_Item --
76 -----------------------
82 -- Prepend Prag to the list of classifications
85 -- Prepend Prag to the list of contract and test cases
88 -- Prepend Prag to the list of pre- and postconditions
90 ------------------------
91 -- Add_Classification --
92 ------------------------
95 begin
100 ----------------------------
101 -- Add_Contract_Test_Case --
102 ----------------------------
105 begin
110 ----------------------------
111 -- Add_Pre_Post_Condition --
112 ----------------------------
115 begin
120 -- Local variables
122 -- A contract must contain only pragmas
127 -- Start of processing for Add_Contract_Item
129 begin
130 -- Create a new contract when adding the first item
137 -- Constants, the applicable pragmas are:
138 -- Part_Of
142 Add_Classification;
144 -- The pragma is not a proper contract item
146 else
150 -- Entry bodies, the applicable pragmas are:
151 -- Refined_Depends
152 -- Refined_Global
153 -- Refined_Post
157 Add_Classification;
160 Add_Pre_Post_Condition;
162 -- The pragma is not a proper contract item
164 else
168 -- Entry or subprogram declarations, the applicable pragmas are:
169 -- Attach_Handler
170 -- Contract_Cases
171 -- Depends
172 -- Extensions_Visible
173 -- Global
174 -- Interrupt_Handler
175 -- Postcondition
176 -- Precondition
177 -- Test_Case
178 -- Volatile_Function
182 E_Generic_Function,
183 E_Generic_Procedure,
184 E_Procedure)
185 then
188 then
189 Add_Classification;
192 Name_Extensions_Visible,
193 Name_Global)
194 then
195 Add_Classification;
199 then
200 Add_Classification;
203 Add_Contract_Test_Case;
206 Add_Pre_Post_Condition;
208 -- The pragma is not a proper contract item
210 else
214 -- Packages or instantiations, the applicable pragmas are:
215 -- Abstract_States
216 -- Initial_Condition
217 -- Initializes
218 -- Part_Of (instantiation only)
222 Name_Initial_Condition,
223 Name_Initializes)
224 then
225 Add_Classification;
227 -- Indicator Part_Of must be associated with a package instantiation
230 Add_Classification;
232 -- The pragma is not a proper contract item
234 else
238 -- Package bodies, the applicable pragmas are:
239 -- Refined_States
243 Add_Classification;
245 -- The pragma is not a proper contract item
247 else
251 -- Protected units, the applicable pragmas are:
252 -- Part_Of
256 Add_Classification;
258 -- The pragma is not a proper contract item
260 else
264 -- Subprogram bodies, the applicable pragmas are:
265 -- Postcondition
266 -- Precondition
267 -- Refined_Depends
268 -- Refined_Global
269 -- Refined_Post
273 Add_Classification;
276 Name_Precondition,
277 Name_Refined_Post)
278 then
279 Add_Pre_Post_Condition;
281 -- The pragma is not a proper contract item
283 else
287 -- Task bodies, the applicable pragmas are:
288 -- Refined_Depends
289 -- Refined_Global
293 Add_Classification;
295 -- The pragma is not a proper contract item
297 else
301 -- Task units, the applicable pragmas are:
302 -- Depends
303 -- Global
304 -- Part_Of
308 Add_Classification;
310 -- The pragma is not a proper contract item
312 else
316 -- Variables, the applicable pragmas are:
317 -- Async_Readers
318 -- Async_Writers
319 -- Constant_After_Elaboration
320 -- Depends
321 -- Effective_Reads
322 -- Effective_Writes
323 -- Global
324 -- Part_Of
328 Name_Async_Writers,
329 Name_Constant_After_Elaboration,
330 Name_Depends,
331 Name_Effective_Reads,
332 Name_Effective_Writes,
333 Name_Global,
334 Name_Part_Of)
335 then
336 Add_Classification;
338 -- The pragma is not a proper contract item
340 else
346 -----------------------
347 -- Analyze_Contracts --
348 -----------------------
353 begin
361 -- Entry or subprogram declarations
364 N_Entry_Declaration,
365 N_Generic_Subprogram_Declaration,
366 N_Subprogram_Declaration)
367 then
368 declare
371 begin
374 -- If analysis of a class-wide pre/postcondition indicates
375 -- that a class-wide clone is needed, analyze its declaration
376 -- now. Its body is created when the body of the original
377 -- operation is analyzed (and rewritten).
381 then
386 -- Entry or subprogram bodies
391 -- Objects
396 -- Package instantiation
401 -- Protected units
404 N_Single_Protected_Declaration)
405 then
408 -- Subprogram body stubs
413 -- Task units
416 N_Task_Type_Declaration)
417 then
420 -- For type declarations, we need to do the preanalysis of Iterable
421 -- aspect specifications.
423 -- Other type aspects need to be resolved here???
427 then
428 declare
432 begin
443 -----------------------------------------------
444 -- Analyze_Entry_Or_Subprogram_Body_Contract --
445 -----------------------------------------------
447 -- WARNING: This routine manages SPARK regions. Return statements must be
448 -- replaced by gotos which jump to the end of the routine and restore the
449 -- SPARK mode.
458 -- Save the SPARK_Mode-related data to restore on exit
460 begin
461 -- When a subprogram body declaration is illegal, its defining entity is
462 -- left unanalyzed. There is nothing left to do in this case because the
463 -- body lacks a contract, or even a proper Ekind.
468 -- Do not analyze a contract multiple times
473 else
478 -- Due to the timing of contract analysis, delayed pragmas may be
479 -- subject to the wrong SPARK_Mode, usually that of the enclosing
480 -- context. To remedy this, restore the original SPARK_Mode of the
481 -- related subprogram body.
485 -- Ensure that the contract cases or postconditions mention 'Result or
486 -- define a post-state.
490 -- A stand-alone nonvolatile function body cannot have an effectively
491 -- volatile formal parameter or return type (SPARK RM 7.1.3(9)). This
492 -- check is relevant only when SPARK_Mode is on, as it is not a standard
493 -- legality rule. The check is performed here because Volatile_Function
494 -- is processed after the analysis of the related subprogram body. The
495 -- check only applies to source subprograms and not to generated TSS
496 -- subprograms.
502 then
506 -- Restore the SPARK_Mode of the enclosing context after all delayed
507 -- pragmas have been analyzed.
511 -- Capture all global references in a generic subprogram body now that
512 -- the contract has been analyzed.
515 Save_Global_References_In_Contract
520 -- Deal with preconditions, [refined] postconditions, Contract_Cases,
521 -- invariants and predicates associated with body and its spec. Do not
522 -- expand the contract of subprogram body stubs.
529 ------------------------------------------
530 -- Analyze_Entry_Or_Subprogram_Contract --
531 ------------------------------------------
533 -- WARNING: This routine manages SPARK regions. Return statements must be
534 -- replaced by gotos which jump to the end of the routine and restore the
535 -- SPARK mode.
537 procedure Analyze_Entry_Or_Subprogram_Contract
540 is
546 -- Save the SPARK_Mode-related data to restore on exit
550 and then not ASIS_Mode
558 begin
559 -- Do not analyze a contract multiple times
564 else
569 -- Due to the timing of contract analysis, delayed pragmas may be
570 -- subject to the wrong SPARK_Mode, usually that of the enclosing
571 -- context. To remedy this, restore the original SPARK_Mode of the
572 -- related subprogram body.
576 -- All subprograms carry a contract, but for some it is not significant
577 -- and should not be processed.
584 -- Do not analyze the pre/postconditions of an entry declaration
585 -- unless annotating the original tree for ASIS or GNATprove. The
586 -- real analysis occurs when the pre/postconditons are relocated to
587 -- the contract wrapper procedure (see Build_Contract_Wrapper).
592 -- Otherwise analyze the pre/postconditions
594 else
602 -- Analyze contract-cases and test-cases
610 -- Do not analyze the contract cases of an entry declaration
611 -- unless annotating the original tree for ASIS or GNATprove.
612 -- The real analysis occurs when the contract cases are moved
613 -- to the contract wrapper procedure (Build_Contract_Wrapper).
618 -- Otherwise analyze the contract cases
620 else
623 else
631 -- Analyze classification pragmas
647 -- Analyze Global first, as Depends may mention items classified in
648 -- the global categorization.
654 -- Depends must be analyzed after Global in order to see the modes of
655 -- all global items.
661 -- Ensure that the contract cases or postconditions mention 'Result
662 -- or define a post-state.
667 -- A nonvolatile function cannot have an effectively volatile formal
668 -- parameter or return type (SPARK RM 7.1.3(9)). This check is relevant
669 -- only when SPARK_Mode is on, as it is not a standard legality rule.
670 -- The check is performed here because pragma Volatile_Function is
671 -- processed after the analysis of the related subprogram declaration.
677 then
681 -- Restore the SPARK_Mode of the enclosing context after all delayed
682 -- pragmas have been analyzed.
686 -- Capture all global references in a generic subprogram now that the
687 -- contract has been analyzed.
690 Save_Global_References_In_Contract
696 -----------------------------
697 -- Analyze_Object_Contract --
698 -----------------------------
700 -- WARNING: This routine manages SPARK regions. Return statements must be
701 -- replaced by gotos which jump to the end of the routine and restore the
702 -- SPARK mode.
704 procedure Analyze_Object_Contract
707 is
712 -- Save the SPARK_Mode-related data to restore on exit
723 begin
724 -- The loop parameter in an element iterator over a formal container
725 -- is declared with an object declaration, but no contracts apply.
731 -- Do not analyze a contract multiple times
738 else
743 -- The anonymous object created for a single concurrent type inherits
744 -- the SPARK_Mode from the type. Due to the timing of contract analysis,
745 -- delayed pragmas may be subject to the wrong SPARK_Mode, usually that
746 -- of the enclosing context. To remedy this, restore the original mode
747 -- of the related anonymous object.
751 then
755 -- Constant-related checks
759 -- Analyze indicator Part_Of
763 -- Check whether the lack of indicator Part_Of agrees with the
764 -- placement of the constant with respect to the state space.
770 -- A constant cannot be effectively volatile (SPARK RM 7.1.3(4)).
771 -- This check is relevant only when SPARK_Mode is on, as it is not
772 -- a standard Ada legality rule. Internally-generated constants that
773 -- map generic formals to actuals in instantiations are allowed to
774 -- be volatile.
780 then
784 -- Variable-related checks
788 -- Analyze all external properties
818 -- Verify the mutual interaction of the various external properties
824 -- The anonymous object created for a single concurrent type carries
825 -- pragmas Depends and Globat of the type.
829 -- Analyze Global first, as Depends may mention items classified
830 -- in the global categorization.
838 -- Depends must be analyzed after Global in order to see the modes
839 -- of all global items.
850 -- Analyze indicator Part_Of
855 -- The variable is a constituent of a single protected/task type
856 -- and behaves as a component of the type. Verify that references
857 -- to the variable occur within the definition or body of the type
858 -- (SPARK RM 9.3).
861 and then Is_Single_Concurrent_Object
864 then
872 -- Otherwise check whether the lack of indicator Part_Of agrees with
873 -- the placement of the variable with respect to the state space.
875 else
879 -- The following checks are relevant only when SPARK_Mode is on, as
880 -- they are not standard Ada legality rules. Internally generated
881 -- temporaries are ignored.
886 -- The declaration of an effectively volatile object must
887 -- appear at the library level (SPARK RM 7.1.3(3), C.6(6)).
890 Error_Msg_N
892 Obj_Id);
894 -- An object of a discriminated type cannot be effectively
895 -- volatile except for protected objects (SPARK RM 7.1.3(5)).
899 then
900 Error_Msg_N
904 -- The object is not effectively volatile
906 else
907 -- A non-effectively volatile object cannot have effectively
908 -- volatile components (SPARK RM 7.1.3(6)).
912 then
913 Error_Msg_N
915 Obj_Id);
921 -- Common checks
925 -- A Ghost object cannot be of a type that yields a synchronized
926 -- object (SPARK RM 6.9(19)).
931 -- A Ghost object cannot be effectively volatile (SPARK RM 6.9(7) and
932 -- SPARK RM 6.9(19)).
937 -- A Ghost object cannot be imported or exported (SPARK RM 6.9(7)).
938 -- One exception to this is the object that represents the dispatch
939 -- table of a Ghost tagged type, as the symbol needs to be exported.
949 -- Restore the SPARK_Mode of the enclosing context after all delayed
950 -- pragmas have been analyzed.
955 -----------------------------------
956 -- Analyze_Package_Body_Contract --
957 -----------------------------------
959 -- WARNING: This routine manages SPARK regions. Return statements must be
960 -- replaced by gotos which jump to the end of the routine and restore the
961 -- SPARK mode.
963 procedure Analyze_Package_Body_Contract
966 is
973 -- Save the SPARK_Mode-related data to restore on exit
977 begin
978 -- Do not analyze a contract multiple times
983 else
988 -- Due to the timing of contract analysis, delayed pragmas may be
989 -- subject to the wrong SPARK_Mode, usually that of the enclosing
990 -- context. To remedy this, restore the original SPARK_Mode of the
991 -- related package body.
997 -- The analysis of pragma Refined_State detects whether the spec has
998 -- abstract states available for refinement.
1004 -- Restore the SPARK_Mode of the enclosing context after all delayed
1005 -- pragmas have been analyzed.
1009 -- Capture all global references in a generic package body now that the
1010 -- contract has been analyzed.
1013 Save_Global_References_In_Contract
1019 ------------------------------
1020 -- Analyze_Package_Contract --
1021 ------------------------------
1023 -- WARNING: This routine manages SPARK regions. Return statements must be
1024 -- replaced by gotos which jump to the end of the routine and restore the
1025 -- SPARK mode.
1033 -- Save the SPARK_Mode-related data to restore on exit
1040 begin
1041 -- Do not analyze a contract multiple times
1046 else
1051 -- Due to the timing of contract analysis, delayed pragmas may be
1052 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1053 -- context. To remedy this, restore the original SPARK_Mode of the
1054 -- related package.
1060 -- Locate and store pragmas Initial_Condition and Initializes, since
1061 -- their order of analysis matters.
1077 -- Analyze the initialization-related pragmas. Initializes must come
1078 -- before Initial_Condition due to item dependencies.
1089 -- Restore the SPARK_Mode of the enclosing context after all delayed
1090 -- pragmas have been analyzed.
1094 -- Capture all global references in a generic package now that the
1095 -- contract has been analyzed.
1098 Save_Global_References_In_Contract
1104 --------------------------------------------
1105 -- Analyze_Package_Instantiation_Contract --
1106 --------------------------------------------
1108 -- WARNING: This routine manages SPARK regions. Return statements must be
1109 -- replaced by gotos which jump to the end of the routine and restore the
1110 -- SPARK mode.
1118 -- Save the SPARK_Mode-related data to restore on exit
1123 begin
1124 -- Nothing to do when the package instantiation is erroneous or left
1125 -- partially decorated.
1134 -- Due to the timing of contract analysis, delayed pragmas may be
1135 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1136 -- context. To remedy this, restore the original SPARK_Mode of the
1137 -- related package.
1141 -- Check whether the lack of indicator Part_Of agrees with the placement
1142 -- of the package instantiation with respect to the state space. Nested
1143 -- package instantiations do not need to be checked because they inherit
1144 -- Part_Of indicator of the outermost package instantiation (see routine
1145 -- Propagate_Part_Of in Sem_Prag).
1154 -- Restore the SPARK_Mode of the enclosing context after all delayed
1155 -- pragmas have been analyzed.
1160 --------------------------------
1161 -- Analyze_Protected_Contract --
1162 --------------------------------
1167 begin
1168 -- Do not analyze a contract multiple times
1173 else
1179 -------------------------------------------
1180 -- Analyze_Subprogram_Body_Stub_Contract --
1181 -------------------------------------------
1187 begin
1188 -- A subprogram body stub may act as its own spec or as the completion
1189 -- of a previous declaration. Depending on the context, the contract of
1190 -- the stub may contain two sets of pragmas.
1192 -- The stub is a completion, the applicable pragmas are:
1193 -- Refined_Depends
1194 -- Refined_Global
1199 -- The stub acts as its own spec, the applicable pragmas are:
1200 -- Contract_Cases
1201 -- Depends
1202 -- Global
1203 -- Postcondition
1204 -- Precondition
1205 -- Test_Case
1207 else
1212 ---------------------------
1213 -- Analyze_Task_Contract --
1214 ---------------------------
1216 -- WARNING: This routine manages SPARK regions. Return statements must be
1217 -- replaced by gotos which jump to the end of the routine and restore the
1218 -- SPARK mode.
1225 -- Save the SPARK_Mode-related data to restore on exit
1229 begin
1230 -- Do not analyze a contract multiple times
1235 else
1240 -- Due to the timing of contract analysis, delayed pragmas may be
1241 -- subject to the wrong SPARK_Mode, usually that of the enclosing
1242 -- context. To remedy this, restore the original SPARK_Mode of the
1243 -- related task unit.
1247 -- Analyze Global first, as Depends may mention items classified in the
1248 -- global categorization.
1256 -- Depends must be analyzed after Global in order to see the modes of
1257 -- all global items.
1265 -- Restore the SPARK_Mode of the enclosing context after all delayed
1266 -- pragmas have been analyzed.
1271 -------------------------------------------------
1272 -- Build_And_Analyze_Contract_Only_Subprograms --
1273 -------------------------------------------------
1277 -- Analyze the contract-only subprograms of L
1280 -- Append the contract-only bodies of Subp_List to its declarations list
1283 -- If E is an entity for a non-imported subprogram specification with
1284 -- pre/postconditions and we are compiling with CodePeer mode, then
1285 -- this procedure will create a wrapper to help Gnat2scil process its
1286 -- contracts. Return Empty if the wrapper cannot be built.
1289 -- Build the contract-only subprograms of all eligible subprograms found
1290 -- in list L.
1293 -- Return True for package specs, task definitions, and protected type
1294 -- definitions whose list of private declarations is not empty.
1296 ---------------------------------------
1297 -- Analyze_Contract_Only_Subprograms --
1298 ---------------------------------------
1302 -- Analyze all the contract-only bodies of L
1304 ----------------------------------
1305 -- Analyze_Contract_Only_Bodies --
1306 ----------------------------------
1311 begin
1315 and then Is_Contract_Only_Body
1317 then
1325 -- Start of processing for Analyze_Contract_Only_Subprograms
1327 begin
1329 Analyze_Contract_Only_Bodies;
1331 else
1332 declare
1336 begin
1338 Analyze_Contract_Only_Bodies;
1340 -- For packages with private declarations, the contract-only
1341 -- bodies of subprograms defined in the visible part of the
1342 -- package are added to its private declarations (to ensure
1343 -- that they do not cause premature freezing of types and also
1344 -- that they are analyzed with proper visibility). Hence they
1345 -- will be analyzed later.
1351 Analyze_Contract_Only_Bodies;
1357 --------------------------------------
1358 -- Append_Contract_Only_Subprograms --
1359 --------------------------------------
1362 begin
1370 else
1371 declare
1375 begin
1379 -- If the package has private declarations then append them to
1380 -- its private declarations; they will be analyzed when the
1381 -- contracts of its private declarations are analyzed.
1383 else
1384 Append_List
1392 ------------------------------------
1393 -- Build_Contract_Only_Subprogram --
1394 ------------------------------------
1396 -- This procedure takes care of building a wrapper to generate better
1397 -- analysis results in the case of a call to a subprogram whose body
1398 -- is unavailable to CodePeer but whose specification includes Pre/Post
1399 -- conditions. The body might be unavailable for any of a number or
1400 -- reasons (it is imported, the .adb file is simply missing, or the
1401 -- subprogram might be subject to an Annotate (CodePeer, Skip_Analysis)
1402 -- pragma). The built subprogram has the following contents:
1403 -- * check preconditions
1404 -- * call the subprogram
1405 -- * check postconditions
1414 -- Build the declaration of the missing body subprogram and its
1415 -- corresponding pragma Import.
1418 -- Build the call to the missing body subprogram
1421 -- Return True for cases where the wrapper is not needed or we cannot
1422 -- build it.
1424 ------------------------------
1425 -- Build_Missing_Body_Decls --
1426 ------------------------------
1433 begin
1434 Decl :=
1438 Prag :=
1451 ----------------------------------------
1452 -- Build_Missing_Body_Subprogram_Call --
1453 ----------------------------------------
1459 begin
1462 -- Build parameter list that we need
1470 -- Build the call to the missing body subprogram
1473 return
1475 Expression =>
1477 Name =>
1481 else
1482 return
1484 Name =>
1490 -----------------------------------
1491 -- Skip_Contract_Only_Subprogram --
1492 -----------------------------------
1494 function Skip_Contract_Only_Subprogram
1496 is
1498 -- Return True if some formal of E (or its return type) are
1499 -- private types defined in an enclosing package.
1502 -- Return True if some enclosing package of the current scope has
1503 -- private declarations.
1505 ---------------------------------------
1506 -- Depends_On_Enclosing_Private_Type --
1507 ---------------------------------------
1510 function Defined_In_Enclosing_Package
1512 -- Return True if Typ is an entity defined in an enclosing
1513 -- package of the current scope.
1515 ----------------------------------
1516 -- Defined_In_Enclosing_Package --
1517 ----------------------------------
1519 function Defined_In_Enclosing_Package
1521 is
1524 begin
1527 loop
1534 -- Local variables
1539 -- Start of processing for Depends_On_Enclosing_Private_Type
1541 begin
1548 then
1555 return
1561 ----------------------------------------------
1562 -- Some_Enclosing_Package_Has_Private_Decls --
1563 ----------------------------------------------
1569 begin
1570 loop
1572 and then Has_Private_Declarations
1574 then
1585 -- Start of processing for Skip_Contract_Only_Subprogram
1587 begin
1588 if not CodePeer_Mode
1589 or else Inside_A_Generic
1597 then
1600 -- We do not support building the contract-only subprogram if E
1601 -- is a subprogram declared in a nested package that has some
1602 -- formal or return type depending on a private type defined in
1603 -- an enclosing package.
1606 and then Some_Enclosing_Package_Has_Private_Decls
1607 and then Depends_On_Enclosing_Private_Type
1608 then
1610 declare
1613 begin
1614 -- Warnings are disabled by default under CodePeer_Mode
1615 -- (see switch-c). Enable them temporarily.
1618 Error_Msg_N
1630 -- Start of processing for Build_Contract_Only_Subprogram
1632 begin
1633 -- Test cases where the wrapper is not needed and cases where we
1634 -- cannot build it.
1640 -- Note on calls to Copy_Separate_Tree. The trees we are copying
1641 -- here are fully analyzed, but we definitely want fully syntactic
1642 -- unanalyzed trees in the body we construct, so that the analysis
1643 -- generates the right visibility, and that is exactly what the
1644 -- calls to Copy_Separate_Tree give us.
1646 declare
1652 begin
1653 Bod :=
1655 Specification =>
1657 Declarations =>
1658 Build_Missing_Body_Decls,
1659 Handled_Statement_Sequence =>
1662 Build_Missing_Body_Subprogram_Call),
1667 -- Copy only the pre/postconditions of the original contract
1668 -- since it is what we need, but also because pragmas stored in
1669 -- the other fields have N_Pragmas with N_Aspect_Specifications
1670 -- that reference their associated pragma (thus causing an endless
1671 -- loop when trying to copy the subtree).
1673 declare
1676 begin
1682 -- Fix the name of this new subprogram and link the original
1683 -- subprogram with its Contract_Only_Body subprogram.
1693 -------------------------------------
1694 -- Build_Contract_Only_Subprograms --
1695 -------------------------------------
1703 begin
1725 ------------------------------
1726 -- Has_Private_Declarations --
1727 ------------------------------
1730 begin
1732 N_Protected_Definition,
1733 N_Task_Definition)
1734 then
1736 else
1737 return
1743 -- Local variables
1747 -- Start of processing for Build_And_Analyze_Contract_Only_Subprograms
1749 begin
1752 Analyze_Contract_Only_Subprograms;
1755 -----------------------------
1756 -- Create_Generic_Contract --
1757 -----------------------------
1764 -- Add a single contract-related source pragma Prag to the contract of
1765 -- generic template Templ_Id.
1767 ---------------------------------
1768 -- Add_Generic_Contract_Pragma --
1769 ---------------------------------
1774 begin
1775 -- Mark the pragma to prevent the premature capture of global
1776 -- references when capturing global references of the context
1777 -- (see Save_References_In_Pragma).
1781 -- Pragmas that apply to a generic subprogram declaration are not
1782 -- part of the semantic structure of the generic template:
1784 -- generic
1785 -- procedure Example (Formal : Integer);
1786 -- pragma Precondition (Formal > 0);
1788 -- Create a generic template for such pragmas and link the template
1789 -- of the pragma with the generic template.
1792 Rewrite
1799 -- Otherwise link the pragma with the generic template
1801 else
1806 -- Local variables
1811 -- Start of processing for Create_Generic_Contract
1813 begin
1814 -- A generic package declaration carries contract-related source pragmas
1815 -- in its visible declarations.
1824 -- A generic package body carries contract-related source pragmas in its
1825 -- declarations.
1834 -- Generic subprogram declaration
1839 else
1843 -- When the generic subprogram acts as a compilation unit, inspect
1844 -- the Pragmas_After list for contract-related source pragmas.
1849 then
1853 -- Otherwise inspect the successive declarations for contract-related
1854 -- source pragmas.
1856 else
1860 -- A generic subprogram body carries contract-related source pragmas in
1861 -- its declarations.
1871 -- Inspect the relevant declarations looking for contract-related source
1872 -- pragmas and add them to the contract of the generic unit.
1878 -- The source pragma is a contract annotation
1884 -- The region where a contract-related source pragma may appear
1885 -- ends with the first source non-pragma declaration or statement.
1887 else
1896 --------------------------------
1897 -- Expand_Subprogram_Contract --
1898 --------------------------------
1904 procedure Add_Invariant_And_Predicate_Checks
1908 -- Process the result of function Subp_Id (if applicable) and all its
1909 -- formals. Add invariant and predicate checks where applicable. The
1910 -- routine appends all the checks to list Stmts. If Subp_Id denotes a
1911 -- function, Result contains the entity of parameter _Result, to be
1912 -- used in the creation of procedure _Postconditions.
1915 -- Append a node to a list. If there is no list, create a new one. When
1916 -- the item denotes a pragma, it is added to the list only when it is
1917 -- enabled.
1919 procedure Build_Postconditions_Procedure
1923 -- Create the body of procedure _Postconditions which handles various
1924 -- assertion actions on exit from subprogram Subp_Id. Stmts is the list
1925 -- of statements to be checked on exit. Parameter Result is the entity
1926 -- of parameter _Result when Subp_Id denotes a function.
1929 -- Process pragma Contract_Cases. This routine prepends items to the
1930 -- body declarations and appends items to list Stmts.
1933 -- Collect all [inherited] spec and body postconditions and accumulate
1934 -- their pragma Check equivalents in list Stmts.
1937 -- Collect all [inherited] spec and body preconditions and prepend their
1938 -- pragma Check equivalents to the declarations of the body.
1940 ----------------------------------------
1941 -- Add_Invariant_And_Predicate_Checks --
1942 ----------------------------------------
1944 procedure Add_Invariant_And_Predicate_Checks
1948 is
1950 -- Id denotes the return value of a function or a formal parameter.
1951 -- Add an invariant check if the type of Id is access to a type with
1952 -- invariants. The routine appends the generated code to Stmts.
1955 -- Determine whether type Typ can benefit from invariant checks. To
1956 -- qualify, the type must have a non-null invariant procedure and
1957 -- subprogram Subp_Id must appear visible from the point of view of
1958 -- the type.
1960 ---------------------------------
1961 -- Add_Invariant_Access_Checks --
1962 ---------------------------------
1969 begin
1976 Ref :=
1981 -- Generate:
1982 -- if <Id> /= null then
1983 -- <invariant_call (<Ref>)>
1984 -- end if;
1986 Append_Enabled_Item
1989 Condition =>
2000 -------------------------
2001 -- Invariant_Checks_OK --
2002 -------------------------
2006 -- Determine whether type Typ has public visibility of subprogram
2007 -- Subp_Id.
2009 -----------------------------------------
2010 -- Has_Public_Visibility_Of_Subprogram --
2011 -----------------------------------------
2016 begin
2017 -- An Initialization procedure must be considered visible even
2018 -- though it is internally generated.
2026 -- Internally generated code is never publicly visible except
2027 -- for a subprogram that is the implementation of an expression
2028 -- function. In that case the visibility is determined by the
2029 -- last check.
2032 and then
2034 or else not
2036 then
2039 -- Determine whether the subprogram is declared in the visible
2040 -- declarations of the package containing the type, or in the
2041 -- visible declaration of a child unit of that package.
2043 else
2044 declare
2051 begin
2052 return
2053 Decls = Visible_Declarations
2056 or else
2060 and then
2062 and then
2063 Decls = Visible_Declarations
2064 (Specification
2070 -- Start of processing for Invariant_Checks_OK
2072 begin
2073 return
2080 -- Local variables
2083 -- Source location of subprogram body contract
2088 -- Start of processing for Add_Invariant_And_Predicate_Checks
2090 begin
2093 -- Process the result of a function
2098 -- Generate _Result which is used in procedure _Postconditions to
2099 -- verify the return value.
2104 -- Add an invariant check when the return type has invariants and
2105 -- the related function is visible to the outside.
2108 Append_Enabled_Item
2114 -- Add an invariant check when the return type is an access to a
2115 -- type with invariants.
2120 -- Add invariant and predicates for all formals that qualify
2128 then
2130 Append_Enabled_Item
2138 -- Note: we used to add predicate checks for OUT and IN OUT
2139 -- formals here, but that was misguided, since such checks are
2140 -- performed on the caller side, based on the predicate of the
2141 -- actual, rather than the predicate of the formal.
2149 -------------------------
2150 -- Append_Enabled_Item --
2151 -------------------------
2154 begin
2155 -- Do not chain ignored or disabled pragmas
2159 then
2162 -- Otherwise, add the item
2164 else
2169 -- If the pragma is a conjunct in a composite postcondition, it
2170 -- has been processed in reverse order. In the postcondition body
2171 -- it must appear before the others.
2176 then
2178 else
2184 ------------------------------------
2185 -- Build_Postconditions_Procedure --
2186 ------------------------------------
2188 procedure Build_Postconditions_Procedure
2192 is
2194 -- Insert node Stmt before the first source declaration of the
2195 -- related subprogram's body. If no such declaration exists, Stmt
2196 -- becomes the last declaration.
2198 --------------------------------------------
2199 -- Insert_Before_First_Source_Declaration --
2200 --------------------------------------------
2206 begin
2207 -- Inspect the declarations of the related subprogram body looking
2208 -- for the first source declaration.
2221 -- If we get there, then the subprogram body lacks any source
2222 -- declarations. The body of _Postconditions now acts as the
2223 -- last declaration.
2227 -- Ensure that the body has a declaration list
2229 else
2234 -- Local variables
2243 -- Start of processing for Build_Postconditions_Procedure
2245 begin
2246 -- Nothing to do if there are no actions to check on exit
2256 -- Force the front-end inlining of _Postconditions when generating C
2257 -- code, since its body may have references to itypes defined in the
2258 -- enclosing subprogram, which would cause problems for unnesting
2259 -- routines in the absence of inlining.
2267 -- The related subprogram is a function: create the specification of
2268 -- parameter _Result.
2274 Parameter_Type =>
2278 Proc_Spec :=
2285 -- Insert _Postconditions before the first source declaration of the
2286 -- body. This ensures that the body will not cause any premature
2287 -- freezing, as it may mention types:
2289 -- procedure Proc (Obj : Array_Typ) is
2290 -- procedure _postconditions is
2291 -- begin
2292 -- ... Obj ...
2293 -- end _postconditions;
2295 -- subtype T is Array_Typ (Obj'First (1) .. Obj'Last (1));
2296 -- begin
2298 -- In the example above, Obj is of type T but the incorrect placement
2299 -- of _Postconditions will cause a crash in gigi due to an out-of-
2300 -- order reference. The body of _Postconditions must be placed after
2301 -- the declaration of Temp to preserve correct visibility.
2306 -- Set an explicit End_Label to override the sloc of the implicit
2307 -- RETURN statement, and prevent it from inheriting the sloc of one
2308 -- the postconditions: this would cause confusing debug info to be
2309 -- produced, interfering with coverage-analysis tools.
2311 Proc_Bod :=
2313 Specification =>
2316 Handled_Statement_Sequence =>
2324 ----------------------------
2325 -- Process_Contract_Cases --
2326 ----------------------------
2330 -- Process pragma Contract_Cases for subprogram Subp_Id
2332 --------------------------------
2333 -- Process_Contract_Cases_For --
2334 --------------------------------
2340 begin
2346 then
2347 Expand_Pragma_Contract_Cases
2360 -- Stmts is passed as IN OUT to signal that the list can be updated,
2361 -- even if the corresponding integer value representing the list does
2362 -- not change.
2364 -- Start of processing for Process_Contract_Cases
2366 begin
2374 ----------------------------
2375 -- Process_Postconditions --
2376 ----------------------------
2380 -- Collect all [refined] postconditions of a specific kind denoted
2381 -- by Post_Nam that belong to the body, and generate pragma Check
2382 -- equivalents in list Stmts.
2385 -- Collect all [inherited] postconditions of the spec, and generate
2386 -- pragma Check equivalents in list Stmts.
2388 ---------------------------------
2389 -- Process_Body_Postconditions --
2390 ---------------------------------
2398 begin
2399 -- Process the contract
2406 then
2407 Append_Enabled_Item
2416 -- The subprogram body being processed is actually the proper body
2417 -- of a stub with a corresponding spec. The subprogram stub may
2418 -- carry a postcondition pragma, in which case it must be taken
2419 -- into account. The pragma appears after the stub.
2425 -- Note that non-matching pragmas are skipped
2430 then
2431 Append_Enabled_Item
2436 -- Skip internally generated code
2441 -- Postcondition pragmas are usually grouped together. There
2442 -- is no need to inspect the whole declarative list.
2444 else
2453 ---------------------------------
2454 -- Process_Spec_Postconditions --
2455 ---------------------------------
2465 begin
2466 -- Process the contract
2475 then
2476 Append_Enabled_Item
2485 -- Process the contracts of all inherited subprograms, looking for
2486 -- class-wide postconditions.
2497 then
2498 Item :=
2499 Build_Pragma_Check_Equivalent
2504 -- The pragma Check equivalent of the class-wide
2505 -- postcondition is still created even though the
2506 -- pragma may be ignored because the equivalent
2507 -- performs semantic checks.
2521 -- Stmts is passed as IN OUT to signal that the list can be updated,
2522 -- even if the corresponding integer value representing the list does
2523 -- not change.
2525 -- Start of processing for Process_Postconditions
2527 begin
2528 -- The processing of postconditions is done in reverse order (body
2529 -- first) to ensure the following arrangement:
2531 -- <refined postconditions from body>
2532 -- <postconditions from body>
2533 -- <postconditions from spec>
2534 -- <inherited postconditions>
2540 Process_Spec_Postconditions;
2544 ---------------------------
2545 -- Process_Preconditions --
2546 ---------------------------
2550 -- The sole [inherited] class-wide precondition pragma that applies
2551 -- to the subprogram.
2554 -- The insertion node after which all pragma Check equivalents are
2555 -- inserted.
2558 -- Determine whether arbitrary declaration Decl denotes a renaming of
2559 -- a discriminant or protection field _object.
2562 -- Merge two class-wide preconditions by "or else"-ing them. The
2563 -- changes are accumulated in parameter Into. Update the error
2564 -- message of Into.
2567 -- Prepend a single item to the declarations of the subprogram body
2570 -- Save a class-wide precondition into Class_Pre, or prepend a normal
2571 -- precondition to the declarations of the body and analyze it.
2574 -- Collect all inherited class-wide preconditions and merge them into
2575 -- one big precondition to be evaluated as pragma Check.
2578 -- Collect all preconditions of subprogram Subp_Id and prepend their
2579 -- pragma Check equivalents to the declarations of the body.
2581 --------------------------
2582 -- Is_Prologue_Renaming --
2583 --------------------------
2591 begin
2600 -- A discriminant renaming appears as
2601 -- Discr : constant ... := Prefix.Discr;
2607 then
2610 -- A protection field renaming appears as
2611 -- Prot : ... := _object._object;
2613 -- A renamed private component is just a component of
2614 -- _object, with an arbitrary name.
2620 then
2629 -------------------------
2630 -- Merge_Preconditions --
2631 -------------------------
2635 -- Return the boolean expression argument of a precondition while
2636 -- updating its parentheses count for the subsequent merge.
2639 -- Return the message argument of a precondition
2641 --------------------
2642 -- Expression_Arg --
2643 --------------------
2649 begin
2657 -----------------
2658 -- Message_Arg --
2659 -----------------
2663 begin
2667 -- Local variables
2675 -- Start of processing for Merge_Preconditions
2677 begin
2678 -- Merge the two preconditions by "or else"-ing them
2685 -- Merge the two error messages to produce a single message of the
2686 -- form:
2688 -- failed precondition from ...
2689 -- also failed inherited precondition from ...
2701 ----------------------
2702 -- Prepend_To_Decls --
2703 ----------------------
2708 begin
2711 -- Ensure that the body has a declarative list
2721 ------------------------------
2722 -- Prepend_To_Decls_Or_Save --
2723 ------------------------------
2728 begin
2731 -- Save the sole class-wide precondition (if any) for the next
2732 -- step, where it will be merged with inherited preconditions.
2738 -- Accumulate the corresponding Check pragmas at the top of the
2739 -- declarations. Prepending the items ensures that they will be
2740 -- evaluated in their original order.
2742 else
2745 else
2753 -------------------------------------
2754 -- Process_Inherited_Preconditions --
2755 -------------------------------------
2766 begin
2767 -- Process the contracts of all inherited subprograms, looking for
2768 -- class-wide preconditions.
2779 then
2780 Item :=
2781 Build_Pragma_Check_Equivalent
2786 -- The pragma Check equivalent of the class-wide
2787 -- precondition is still created even though the
2788 -- pragma may be ignored because the equivalent
2789 -- performs semantic checks.
2793 -- The spec of an inherited subprogram already
2794 -- yielded a class-wide precondition. Merge the
2795 -- existing precondition with the current one
2796 -- using "or else".
2800 else
2811 -- Add the merged class-wide preconditions
2819 -------------------------------
2820 -- Process_Preconditions_For --
2821 -------------------------------
2830 begin
2831 -- Process the contract
2838 then
2846 -- The subprogram declaration being processed is actually a body
2847 -- stub. The stub may carry a precondition pragma, in which case
2848 -- it must be taken into account. The pragma appears after the
2849 -- stub.
2855 -- Inspect the declarations following the body stub
2860 -- Note that non-matching pragmas are skipped
2865 then
2869 -- Skip internally generated code
2874 -- Preconditions are usually grouped together. There is no
2875 -- need to inspect the whole declarative list.
2877 else
2886 -- Local variables
2891 -- Start of processing for Process_Preconditions
2893 begin
2894 -- Find the proper insertion point for all pragma Check equivalents
2900 -- First source declaration terminates the search, because all
2901 -- preconditions must be evaluated prior to it, by definition.
2906 -- Certain internally generated object renamings such as those
2907 -- for discriminants and protection fields must be elaborated
2908 -- before the preconditions are evaluated, as their expressions
2909 -- may mention the discriminants. The renamings include those
2910 -- for private components so we need to find the last such.
2915 loop
2921 -- Otherwise the declaration does not come from source. This
2922 -- also terminates the search, because internal code may raise
2923 -- exceptions which should not preempt the preconditions.
2925 else
2933 -- The processing of preconditions is done in reverse order (body
2934 -- first), because each pragma Check equivalent is inserted at the
2935 -- top of the declarations. This ensures that the final order is
2936 -- consistent with following diagram:
2938 -- <inherited preconditions>
2939 -- <preconditions from spec>
2940 -- <preconditions from body>
2946 Process_Inherited_Preconditions;
2950 -- Local variables
2957 -- Start of processing for Expand_Subprogram_Contract
2959 begin
2960 -- Obtain the entity of the initial declaration
2964 else
2968 -- Do not perform expansion activity when it is not needed
2973 -- ASIS requires an unaltered tree
2978 -- GNATprove does not need the executable semantics of a contract
2983 -- The contract of a generic subprogram or one declared in a generic
2984 -- context is not expanded, as the corresponding instance will provide
2985 -- the executable semantics of the contract.
2990 -- All subprograms carry a contract, but for some it is not significant
2991 -- and should not be processed. This is a small optimization.
2996 -- The contract of an ignored Ghost subprogram does not need expansion,
2997 -- because the subprogram and all calls to it will be removed.
3002 -- Do not re-expand the same contract. This scenario occurs when a
3003 -- construct is rewritten into something else during its analysis
3004 -- (expression functions for instance).
3010 -- Prevent multiple expansion attempts of the same contract
3014 -- Ensure that the formal parameters are visible when expanding all
3015 -- contract items.
3023 else
3028 -- The expansion of a subprogram contract involves the creation of Check
3029 -- pragmas to verify the contract assertions of the spec and body in a
3030 -- particular order. The order is as follows:
3032 -- function Example (...) return ... is
3033 -- procedure _Postconditions (...) is
3034 -- begin
3035 -- <refined postconditions from body>
3036 -- <postconditions from body>
3037 -- <postconditions from spec>
3038 -- <inherited postconditions>
3039 -- <contract case consequences>
3040 -- <invariant check of function result>
3041 -- <invariant and predicate checks of parameters>
3042 -- end _Postconditions;
3044 -- <inherited preconditions>
3045 -- <preconditions from spec>
3046 -- <preconditions from body>
3047 -- <contract case conditions>
3049 -- <source declarations>
3050 -- begin
3051 -- <source statements>
3053 -- _Preconditions (Result);
3054 -- return Result;
3055 -- end Example;
3057 -- Routine _Postconditions holds all contract assertions that must be
3058 -- verified on exit from the related subprogram.
3060 -- Step 1: Handle all preconditions. This action must come before the
3061 -- processing of pragma Contract_Cases because the pragma prepends items
3062 -- to the body declarations.
3064 Process_Preconditions;
3066 -- Step 2: Handle all postconditions. This action must come before the
3067 -- processing of pragma Contract_Cases because the pragma appends items
3068 -- to list Stmts.
3072 -- Step 3: Handle pragma Contract_Cases. This action must come before
3073 -- the processing of invariants and predicates because those append
3074 -- items to list Stmts.
3078 -- Step 4: Apply invariant and predicate checks on a function result and
3079 -- all formals. The resulting checks are accumulated in list Stmts.
3083 -- Step 5: Construct procedure _Postconditions
3088 End_Scope;
3092 -------------------------------
3093 -- Freeze_Previous_Contracts --
3094 -------------------------------
3099 -- Determine whether arbitrary node N causes contract freezing
3103 -- Freeze the contracts of all eligible constructs which precede body
3104 -- Body_Decl.
3108 -- Freeze the contract of the nearest package body (if any) which
3109 -- encloses body Body_Decl.
3111 ------------------------------
3112 -- Causes_Contract_Freezing --
3113 ------------------------------
3116 begin
3118 N_Package_Body,
3119 N_Protected_Body,
3120 N_Subprogram_Body,
3121 N_Subprogram_Body_Stub,
3122 N_Task_Body);
3125 ----------------------
3126 -- Freeze_Contracts --
3127 ----------------------
3133 begin
3134 -- Nothing to do when the body which causes freezing does not appear
3135 -- in a declarative list because there cannot possibly be constructs
3136 -- with contracts.
3142 -- Inspect the declarations preceding the body, and freeze individual
3143 -- contracts of eligible constructs.
3148 -- Stop the traversal when a preceding construct that causes
3149 -- freezing is encountered as there is no point in refreezing
3150 -- the already frozen constructs.
3155 -- Entry or subprogram declarations
3158 N_Entry_Declaration,
3159 N_Generic_Subprogram_Declaration,
3160 N_Subprogram_Declaration)
3161 then
3162 Analyze_Entry_Or_Subprogram_Contract
3166 -- Objects
3169 Analyze_Object_Contract
3173 -- Protected units
3176 N_Single_Protected_Declaration)
3177 then
3180 -- Subprogram body stubs
3185 -- Task units
3188 N_Task_Type_Declaration)
3189 then
3197 -----------------------------------
3198 -- Freeze_Enclosing_Package_Body --
3199 -----------------------------------
3205 begin
3206 -- Climb the parent chain looking for an enclosing package body. Do
3207 -- not use the scope stack, because a body utilizes the entity of its
3208 -- corresponding spec.
3213 Analyze_Package_Body_Contract
3219 -- Do not look for an enclosing package body when the construct
3220 -- which causes freezing is a body generated for an expression
3221 -- function and it appears within a package spec. This ensures
3222 -- that the traversal will not reach too far up the parent chain
3223 -- and attempt to freeze a package body which must not be frozen.
3225 -- package body Enclosing_Body
3226 -- with Refined_State => (State => Var)
3227 -- is
3228 -- package Nested is
3229 -- type Some_Type is ...;
3230 -- function Cause_Freezing return ...;
3231 -- private
3232 -- function Cause_Freezing is (...);
3233 -- end Nested;
3234 --
3235 -- Var : Nested.Some_Type;
3239 then
3242 -- Prevent the search from going too far
3252 -- Local variables
3256 -- Start of processing for Freeze_Previous_Contracts
3258 begin
3261 -- A body that is in the process of being inlined appears from source,
3262 -- but carries name _parent. Such a body does not cause freezing of
3263 -- contracts.
3269 Freeze_Enclosing_Package_Body;
3270 Freeze_Contracts;
3273 ---------------------------------
3274 -- Inherit_Subprogram_Contract --
3275 ---------------------------------
3277 procedure Inherit_Subprogram_Contract
3280 is
3282 -- Propagate a pragma denoted by Prag_Id from From_Subp's contract to
3283 -- Subp's contract.
3285 --------------------
3286 -- Inherit_Pragma --
3287 --------------------
3293 begin
3294 -- A pragma cannot be part of more than one First_Pragma/Next_Pragma
3295 -- chains, therefore the node must be replicated. The new pragma is
3296 -- flagged as inherited for distinction purposes.
3306 -- Start of processing for Inherit_Subprogram_Contract
3308 begin
3309 -- Inheritance is carried out only when both entities are subprograms
3310 -- with contracts.
3315 then
3320 -------------------------------------
3321 -- Instantiate_Subprogram_Contract --
3322 -------------------------------------
3326 -- Instantiate all contract-related source pragmas found in the list,
3327 -- starting with pragma First_Prag. Each instantiated pragma is added
3328 -- to list L.
3330 -------------------------
3331 -- Instantiate_Pragmas --
3332 -------------------------
3338 begin
3342 Inst_Prag :=
3353 -- Local variables
3357 -- Start of processing for Instantiate_Subprogram_Contract
3359 begin
3367 ----------------------------------------
3368 -- Save_Global_References_In_Contract --
3369 ----------------------------------------
3371 procedure Save_Global_References_In_Contract
3374 is
3376 -- Save all global references in contract-related source pragmas found
3377 -- in the list, starting with pragma First_Prag.
3379 ------------------------------------
3380 -- Save_Global_References_In_List --
3381 ------------------------------------
3386 begin
3397 -- Local variables
3401 -- Start of processing for Save_Global_References_In_Contract
3403 begin
3404 -- The entity of the analyzed generic copy must be on the scope stack
3405 -- to ensure proper detection of global references.
3411 then
3421 Pop_Scope;