This file is indexed.

/usr/share/ada/adainclude/gnatprj/restrict.ads is in libgnatprj4.8-dev 4.8.2-8ubuntu3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
------------------------------------------------------------------------------
--                                                                          --
--                         GNAT COMPILER COMPONENTS                         --
--                                                                          --
--                             R E S T R I C T                              --
--                                                                          --
--                                 S p e c                                  --
--                                                                          --
--          Copyright (C) 1992-2012, Free Software Foundation, Inc.         --
--                                                                          --
-- GNAT is free software;  you can  redistribute it  and/or modify it under --
-- terms of the  GNU General Public License as published  by the Free Soft- --
-- ware  Foundation;  either version 3,  or (at your option) any later ver- --
-- sion.  GNAT is distributed in the hope that it will be useful, but WITH- --
-- OUT ANY WARRANTY;  without even the  implied warranty of MERCHANTABILITY --
-- or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License --
-- for  more details.  You should have  received  a copy of the GNU General --
-- Public License  distributed with GNAT; see file COPYING3.  If not, go to --
-- http://www.gnu.org/licenses for a complete copy of the license.          --
--                                                                          --
-- GNAT was originally developed  by the GNAT team at  New York University. --
-- Extensive contributions were provided by Ada Core Technologies Inc.      --
--                                                                          --
------------------------------------------------------------------------------

--  This package deals with the implementation of the Restrictions pragma

with Namet;  use Namet;
with Rident; use Rident;
with Table;
with Types;  use Types;
with Uintp;  use Uintp;

package Restrict is

   Restrictions : Restrictions_Info := No_Restrictions;
   --  This variable records restrictions found in any units in the main
   --  extended unit, and in the case of restrictions checked for partition
   --  consistency, restrictions found in any with'ed units, parent specs
   --  etc., since we may as well check as much as we can at compile time.
   --  These variables should not be referenced directly by clients. Instead
   --  use Check_Restriction to record a violation of a restriction, and
   --  Restriction_Active to test if a given restriction is active.

   Restrictions_Loc : array (All_Restrictions) of Source_Ptr :=
                       (others => No_Location);
   --  Locations of Restrictions pragmas for error message purposes.
   --  Valid only if corresponding entry in Restrictions is set. A value
   --  of No_Location is used for implicit restrictions set by another
   --  pragma, and a value of System_Location is used for restrictions
   --  set from package Standard by the processing in Targparm.

   Restriction_Profile_Name : array (All_Restrictions) of Profile_Name;
   --  Entries in this array are valid only if the corresponding restriction
   --  in Restrictions set. The value is the corresponding profile name if the
   --  restriction was set by a Profile or Profile_Warnings pragma. The value
   --  is No_Profile in all other cases.

   Main_Restrictions : Restrictions_Info := No_Restrictions;
   --  This variable records only restrictions found in any units of the
   --  main extended unit. These are the variables used for ali file output,
   --  since we want the binder to be able to accurately diagnose inter-unit
   --  restriction violations.

   Restriction_Warnings : Rident.Restriction_Flags;
   --  If one of these flags is set, then it means that violation of the
   --  corresponding restriction results only in a warning message, not
   --  in an error message, and the restriction is not otherwise enforced.
   --  Note that the flags in Restrictions are set to indicate that the
   --  restriction is set in this case, but Main_Restrictions is never
   --  set if Restriction_Warnings is set, so this does not look like a
   --  restriction to the binder.

   --  The following declarations establish a mapping between restriction
   --  identifiers, and the names of corresponding restriction library units.

   type Unit_Entry is record
      Res_Id : Restriction_Id;
      Filenm : String (1 .. 8);
   end record;

   Unit_Array : constant array (Positive range <>) of Unit_Entry := (
     (No_Asynchronous_Control,     "a-astaco"),
     (No_Calendar,                 "a-calend"),
     (No_Calendar,                 "calendar"),
     (No_Delay,                    "a-calend"),
     (No_Delay,                    "calendar"),
     (No_Dynamic_Priorities,       "a-dynpri"),
     (No_Finalization,             "a-finali"),
     (No_IO,                       "a-direio"),
     (No_IO,                       "directio"),
     (No_IO,                       "a-sequio"),
     (No_IO,                       "sequenio"),
     (No_IO,                       "a-ststio"),
     (No_IO,                       "a-textio"),
     (No_IO,                       "text_io "),
     (No_IO,                       "a-witeio"),
     (No_Task_Attributes_Package,  "a-tasatt"),
     (No_Unchecked_Conversion,     "a-unccon"),
     (No_Unchecked_Conversion,     "unchconv"),
     (No_Unchecked_Deallocation,   "a-uncdea"),
     (No_Unchecked_Deallocation,   "unchdeal"));

   --  The following map has True for all GNAT pragmas. It is used to
   --  implement pragma Restrictions (No_Implementation_Restrictions)
   --  (which is why this restriction itself is excluded from the list).

   Implementation_Restriction : array (All_Restrictions) of Boolean :=
     (Simple_Barriers                    => True,
      No_Calendar                        => True,
      No_Default_Initialization          => True,
      No_Direct_Boolean_Operators        => True,
      No_Dispatching_Calls               => True,
      No_Dynamic_Attachment              => True,
      No_Elaboration_Code                => True,
      No_Enumeration_Maps                => True,
      No_Entry_Calls_In_Elaboration_Code => True,
      No_Entry_Queue                     => True,
      No_Exception_Handlers              => True,
      No_Exception_Propagation           => True,
      No_Exception_Registration          => True,
      No_Finalization                    => True,
      No_Implementation_Attributes       => True,
      No_Implementation_Pragmas          => True,
      No_Implicit_Conditionals           => True,
      No_Implicit_Aliasing               => True,
      No_Implicit_Dynamic_Code           => True,
      No_Implicit_Loops                  => True,
      No_Initialize_Scalars              => True,
      No_Local_Protected_Objects         => True,
      No_Protected_Type_Allocators       => True,
      No_Relative_Delay                  => True,
      No_Requeue_Statements              => True,
      No_Secondary_Stack                 => True,
      No_Select_Statements               => True,
      No_Standard_Storage_Pools          => True,
      No_Stream_Optimizations            => True,
      No_Streams                         => True,
      No_Task_Attributes_Package         => True,
      No_Task_Termination                => True,
      No_Tasking                         => True,
      No_Wide_Characters                 => True,
      Static_Priorities                  => True,
      Static_Storage_Size                => True,
      SPARK                              => True,
      others                             => False);

   --  The following table records entries made by Restrictions pragmas
   --  that specify a parameter for No_Dependence. Each such pragma makes
   --  an entry in this table.

   --  Note: we have chosen to implement this restriction in the "syntactic"
   --  form, where we do not check that the named package is a language defined
   --  package, but instead we allow arbitrary package names. The discussion of
   --  this issue is not complete in the ARG, but the sense seems to be leaning
   --  in this direction, which makes more sense to us, since it is much more
   --  useful, and much easier to implement.

   type ND_Entry is record
      Unit : Node_Id;
      --  The unit parameter from the No_Dependence pragma

      Warn : Boolean;
      --  True if from Restriction_Warnings, False if from Restrictions

      Profile : Profile_Name;
      --  Set to name of profile from which No_Dependence entry came, or to
      --  No_Profile if a pragma Restriction set the No_Dependence entry.
   end record;

   package No_Dependences is new Table.Table (
     Table_Component_Type => ND_Entry,
     Table_Index_Type     => Int,
     Table_Low_Bound      => 0,
     Table_Initial        => 200,
     Table_Increment      => 200,
     Table_Name           => "Name_No_Dependences");

   -------------------------------
   -- SPARK Restriction Control --
   -------------------------------

   --  SPARK HIDE directives allow the effect of the SPARK restriction to be
   --  turned off for a specified region of code, and the following tables are
   --  the data structures used to keep track of these regions.

   --  The table contains pairs of source locations, the first being the start
   --  location for hidden region, and the second being the end location.

   --  Note that the start location is included in the hidden region, while
   --  the end location is excluded from it. (It typically corresponds to the
   --  next token during scanning.)

   type SPARK_Hide_Entry is record
      Start : Source_Ptr;
      Stop  : Source_Ptr;
   end record;

   package SPARK_Hides is new Table.Table (
     Table_Component_Type => SPARK_Hide_Entry,
     Table_Index_Type     => Natural,
     Table_Low_Bound      => 1,
     Table_Initial        => 100,
     Table_Increment      => 200,
     Table_Name           => "SPARK Hides");

   -----------------
   -- Subprograms --
   -----------------

   --  Note: several of these subprograms can generate error messages (e.g.
   --  Check_Restriction). These routines should be called in the analyzer
   --  rather than the expander, so that the associated error messages are
   --  correctly generated in semantics only (-gnatc) mode.

   function Abort_Allowed return Boolean;
   pragma Inline (Abort_Allowed);
   --  Tests to see if abort is allowed by the current restrictions settings.
   --  For abort to be allowed, either No_Abort_Statements must be False,
   --  or Max_Asynchronous_Select_Nesting must be non-zero.

   procedure Check_Compiler_Unit (N : Node_Id);
   --  If unit N is in a unit that has a pragma Compiler_Unit, then a message
   --  is posted on node N noting use of a construct that is not permitted in
   --  the compiler.

   procedure Check_Restricted_Unit (U : Unit_Name_Type; N : Node_Id);
   --  Checks if loading of unit U is prohibited by the setting of some
   --  restriction (e.g. No_IO restricts the loading of unit Ada.Text_IO).
   --  If a restriction exists post error message at the given node.

   procedure Check_Restriction
     (Msg_Issued : out Boolean;
      R          : Restriction_Id;
      N          : Node_Id;
      V          : Uint := Uint_Minus_1);
   --  Checks that the given restriction is not set, and if it is set, an
   --  appropriate message is posted on the given node, in which case
   --  Msg_Issued is set to True (and False otherwise). Also records the
   --  violation in the appropriate internal arrays. Note that it is mandatory
   --  to always use this routine to check if a restriction is violated. Such
   --  checks must never be done directly by the caller, since otherwise
   --  violations in the absence of restrictions are not properly recorded. The
   --  value of V is relevant only for parameter restrictions, and in this case
   --  indicates the exact count for the violation. If the exact count is not
   --  known, V is left at its default of -1 which indicates an unknown count.

   procedure Check_Restriction
     (R : Restriction_Id;
      N : Node_Id;
      V : Uint := Uint_Minus_1);
   --  Wrapper on Check_Restriction with Msg_Issued, with the out-parameter
   --  being ignored here.

   procedure Check_Restriction_No_Dependence (U : Node_Id; Err : Node_Id);
   --  Called when a dependence on a unit is created (either implicitly, or by
   --  an explicit WITH clause). U is a node for the unit involved, and Err is
   --  the node to which an error will be attached if necessary.

   procedure Check_Restriction_No_Specification_Of_Aspect (N : Node_Id);
   --  N is the node id for an N_Aspect_Specification. An error message
   --  (warning) will be issued if a restriction (warning) was previous set
   --  for this aspect using Set_No_Specification_Of_Aspect.

   procedure Check_Elaboration_Code_Allowed (N : Node_Id);
   --  Tests to see if elaboration code is allowed by the current restrictions
   --  settings. This function is called by Gigi when it needs to define an
   --  elaboration routine. If elaboration code is not allowed, an error
   --  message is posted on the node given as argument.

   procedure Check_SPARK_Restriction
     (Msg   : String;
      N     : Node_Id;
      Force : Boolean := False);
   --  Node N represents a construct not allowed in formal mode. If this is a
   --  source node, or if the restriction is forced (Force = True), and the
   --  SPARK restriction is set, then an error is issued on N. Msg is appended
   --  to the restriction failure message.

   procedure Check_SPARK_Restriction (Msg1, Msg2 : String; N : Node_Id);
   --  Same as Check_SPARK_Restriction except there is a continuation message
   --  Msg2 following the initial message Msg1.

   procedure Check_No_Implicit_Aliasing (Obj : Node_Id);
   --  Obj is a node for which Is_Aliased_View is True, which is being used in
   --  a context (e.g. 'Access) where no implicit aliasing is allowed if the
   --  restriction No_Implicit_Aliasing is set. This procedure checks for the
   --  case where the restriction is active and Obj does not meet the required
   --  rules for avoiding implicit aliases, and issues a restriction message.

   procedure Check_Implicit_Dynamic_Code_Allowed (N : Node_Id);
   --  Tests to see if dynamic code generation (dynamically generated
   --  trampolines, in particular) is allowed by the current restrictions
   --  settings. This function is called by Gigi when it needs to generate code
   --  that generates a trampoline. If not allowed, an error message is posted
   --  on the node given as argument.

   procedure Check_No_Implicit_Heap_Alloc (N : Node_Id);
   --  Equivalent to Check_Restriction (No_Implicit_Heap_Allocations, N).
   --  Provided for easy use by back end, which has to check this restriction.

   procedure Check_Obsolescent_2005_Entity (E : Entity_Id; N : Node_Id);
   --  This routine checks if the entity E is one of the obsolescent entries
   --  in Ada.Characters.Handling in Ada 2005 and No_Obsolescent_Features
   --  restriction is active. If so an appropriate message is given. N is
   --  the node on which the message is to be placed. It's a bit kludgy to
   --  have this highly specialized routine rather than some wonderful general
   --  mechanism (e.g. a special pragma) to handle this case, but there are
   --  only six cases, and it is not worth the effort to do something general.

   procedure Check_Wide_Character_Restriction (E : Entity_Id; N : Node_Id);
   --  This procedure checks if the No_Wide_Character restriction is active,
   --  and if so, if N Comes_From_Source, and the root type of E is one of
   --  [Wide_]Wide_Character or [Wide_]Wide_String, then the restriction
   --  violation is recorded, and an appropriate message given.

   function Get_Restriction_Id
     (N : Name_Id) return Restriction_Id;
   --  Given an identifier name, determines if it is a valid restriction
   --  identifier, and if so returns the corresponding Restriction_Id value,
   --  otherwise returns Not_A_Restriction_Id.

   function Is_In_Hidden_Part_In_SPARK (Loc : Source_Ptr) return Boolean;
   --  Determine if given location is covered by a hidden region range in the
   --  SPARK hides table.

   function No_Exception_Handlers_Set return Boolean;
   --  Test to see if current restrictions settings specify that no exception
   --  handlers are present. This function is called by Gigi when it needs to
   --  expand an AT END clean up identifier with no exception handler. True
   --  will be returned if the configurable run-time is activated, and either
   --  of the restrictions No_Exception_Handlers or No_Exception_Propagation is
   --  set. In the latter case, the source may contain handlers but they either
   --  get converted using the local goto transformation or deleted.

   function No_Exception_Propagation_Active return Boolean;
   --  Test to see if current restrictions settings specify that no
   --  exception propagation is activated.

   function Process_Restriction_Synonyms (N : Node_Id) return Name_Id;
   --  Id is a node whose Chars field contains the name of a restriction.
   --  If it is one of synonyms that we allow for historical purposes (for
   --  list see System.Rident), then the proper official name is returned.
   --  Otherwise the Chars field of the argument is returned unchanged.

   function Restriction_Active (R : All_Restrictions) return Boolean;
   pragma Inline (Restriction_Active);
   --  Determines if a given restriction is active. This call should only be
   --  used where the compiled code depends on whether the restriction is
   --  active. Always use Check_Restriction to record a violation. Note that
   --  this returns False if we only have a Restriction_Warnings set, since
   --  restriction warnings should never affect generated code. If you want
   --  to know if a call to Check_Restriction is needed then use the function
   --  Restriction_Check_Required instead.

   function Restriction_Check_Required (R : All_Restrictions) return Boolean;
   pragma Inline (Restriction_Check_Required);
   --  Determines if either a Restriction_Warnings or Restrictions pragma has
   --  been given for the specified restriction. If true, then a subsequent
   --  call to Check_Restriction is required if the restriction is violated.
   --  This must not be used to guard code generation that depends on whether
   --  a restriction is active (see Restriction_Active above). Typically it
   --  is used to avoid complex code to determine if a restriction is violated,
   --  executing this code only if needed.

   function Restricted_Profile return Boolean;
   --  Tests if set of restrictions corresponding to Profile (Restricted) is
   --  currently in effect (set by pragma Profile, or by an appropriate set of
   --  individual Restrictions pragmas). Returns True only if all the required
   --  restrictions are set.

   procedure Set_Hidden_Part_In_SPARK (Loc1, Loc2 : Source_Ptr);
   --  Insert a new hidden region range in the SPARK hides table

   procedure Set_Profile_Restrictions
     (P    : Profile_Name;
      N    : Node_Id;
      Warn : Boolean);
   --  Sets the set of restrictions associated with the given profile name. N
   --  is the node of the construct to which error messages are to be attached
   --  as required. Warn is set True for the case of Profile_Warnings where the
   --  restrictions are set as warnings rather than legality requirements, and
   --  is also True for Profile if the Treat_Restrictions_As_Warnings flag is
   --  set. It is false for Profile if this flag is not set.

   procedure Set_Restriction
     (R : All_Boolean_Restrictions;
      N : Node_Id);
   --  N is a node (typically a pragma node) that has the effect of setting
   --  Boolean restriction R. The restriction is set in Restrictions, and
   --  also in Main_Restrictions if this is the main unit.

   procedure Set_Restriction
     (R : All_Parameter_Restrictions;
      N : Node_Id;
      V : Integer);
   --  Similar to the above, except that this is used for the case of a
   --  parameter restriction, and the corresponding value V is given.

   procedure Set_Restriction_No_Dependence
     (Unit    : Node_Id;
      Warn    : Boolean;
      Profile : Profile_Name := No_Profile);
   --  Sets given No_Dependence restriction in table if not there already. Warn
   --  is True if from Restriction_Warnings, or for Restrictions if the flag
   --  Treat_Restrictions_As_Warnings is set. False if from Restrictions and
   --  this flag is not set. Profile is set to a non-default value if the
   --  No_Dependence restriction comes from a Profile pragma.

   procedure Set_Restriction_No_Specification_Of_Aspect
     (N       : Node_Id;
      Warning : Boolean);
   --  N is the node id for an identifier from a pragma Restrictions for the
   --  No_Specification_Of_Aspect pragma. An error message will be issued if
   --  the identifier is not a valid aspect name. Warning is set True for the
   --  case of a Restriction_Warnings pragma specifying this restriction and
   --  False for a Restrictions pragma specifying this restriction.

   function Tasking_Allowed return Boolean;
   pragma Inline (Tasking_Allowed);
   --  Tests if tasking operations are allowed by the current restrictions
   --  settings. For tasking to be allowed Max_Tasks must be non-zero.

   ----------------------------------------------
   -- Handling of Boolean Compilation Switches --
   ----------------------------------------------

   --  The following declarations are used for proper saving and restoring of
   --  restrictions for separate compilation units. There are two cases:

   --    For partition-wide restrictions, we just let the restrictions pragmas
   --    pile up, and we never reset them. We might as well detect what we can
   --    at compile time. If e.g. a with'ed unit has a restriction for one of
   --    the partition-wide restrictions, then the binder will enforce it on
   --    all units in the partition, including the unit with the WITH. Although
   --    it would not be wrong to leave this till bind time, we might as well
   --    flag it earlier at compile time.

   --    For non-partition-wide restrictions, we have quite a different state
   --    of affairs. Here it would be quite wrong to carry a restriction from
   --    a with'ed unit to another with'ed unit, or from a package spec to the
   --    package body. This means that we have to reset these non-partition
   --    wide restrictions at the start of each separate compilation unit. For
   --    units in the extended main program, we need to reset them all to the
   --    values set by the configuration pragma file(s). For units not in the
   --    extended main program, e.g. with'ed units, we might as well reset all
   --    of these restrictions to off (False). The actual initial values will
   --    be taken from the config files active when those units are compiled
   --    as main units.

   type Save_Cunit_Boolean_Restrictions is private;
   --  Type used for saving and restoring compilation unit restrictions.

   function Cunit_Boolean_Restrictions_Save
     return Save_Cunit_Boolean_Restrictions;
   --  This function saves the compilation unit restriction settings, leaving
   --  then unchanged. This is used e.g. at the start of processing a context
   --  clause, so that the main unit restrictions can be restored after all
   --  the with'ed units have been processed.

   procedure Cunit_Boolean_Restrictions_Restore
     (R : Save_Cunit_Boolean_Restrictions);
   --  This is the corresponding restore procedure to restore restrictions
   --  previously saved by Cunit_Boolean_Restrictions_Save. However it does
   --  not reset No_Elaboration_Code, this stays set if it was set before
   --  the call, and also if it is set before the call, then the Config
   --  setting is also updated to include this restriction. This is what
   --  implements the special handling of No_Elaboration_Code.

   procedure Save_Config_Cunit_Boolean_Restrictions;
   --  This saves the current compilation unit restrictions in an internal
   --  variable, and leaves them unchanged. This is called immediately after
   --  processing the configuration file pragmas, to record the restrictions
   --  set by these configuration file pragmas.

   procedure Restore_Config_Cunit_Boolean_Restrictions;
   --  This restores the value saved by the previous call to save config values
   --  saved by Save_Config_Cunit_Boolean_Restrictions. It is called at the
   --  start of processing a new unit that is part of the main sources (e.g.
   --  a package spec when the main unit is a package body).

   procedure Reset_Cunit_Boolean_Restrictions;
   --  Turns off all non-partition-wide boolean restrictions

   procedure Add_To_Config_Boolean_Restrictions (R : Restriction_Id);
   --  Add specified restriction to stored configuration boolean restrictions.
   --  This is used for handling the special case of No_Elaboration_Code.

private
   type Save_Cunit_Boolean_Restrictions is
     array (Cunit_Boolean_Restrictions) of Boolean;
   --  Type used for saving and restoring compilation unit restrictions.
   --  See Compilation_Unit_Restrictions_[Save|Restore] subprograms.

end Restrict;