GNAT Reference Manual

Next:   [Contents][Index]

GNAT Reference Manual

GNAT Reference Manual , Dec 11, 2020

AdaCore

Copyright © 2008-2021, Free Software Foundation

`GNAT, The GNU Ada Development Environment'

GCC version 11.3.0
AdaCore

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover Texts being "GNAT Reference Manual", and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.

Table of Contents


1 About This Guide

This manual contains useful information in writing programs using the GNAT compiler. It includes information on implementation dependent characteristics of GNAT, including all the information required by Annex M of the Ada language standard.

GNAT implements Ada 95, Ada 2005 and Ada 2012, and it may also be invoked in Ada 83 compatibility mode. By default, GNAT assumes Ada 2012, but you can override with a compiler switch to explicitly specify the language version. (Please refer to the `GNAT User’s Guide' for details on these switches.) Throughout this manual, references to ’Ada’ without a year suffix apply to all the Ada versions of the language.

Ada is designed to be highly portable. In general, a program will have the same effect even when compiled by different compilers on different platforms. However, since Ada is designed to be used in a wide variety of applications, it also contains a number of system dependent features to be used in interfacing to the external world.

Note: Any program that makes use of implementation-dependent features may be non-portable. You should follow good programming practice and isolate and clearly document any sections of your program that make use of these features in a non-portable manner.


1.1 What This Reference Manual Contains

This reference manual contains the following chapters:

  • * Implementation Defined Pragmas, lists GNAT implementation-dependent pragmas, which can be used to extend and enhance the functionality of the compiler.
  • * Implementation Defined Attributes, lists GNAT implementation-dependent attributes, which can be used to extend and enhance the functionality of the compiler.
  • * Standard and Implementation Defined Restrictions, lists GNAT implementation-dependent restrictions, which can be used to extend and enhance the functionality of the compiler.
  • * Implementation Advice, provides information on generally desirable behavior which are not requirements that all compilers must follow since it cannot be provided on all systems, or which may be undesirable on some systems.
  • * Implementation Defined Characteristics, provides a guide to minimizing implementation dependent features.
  • * Intrinsic Subprograms, describes the intrinsic subprograms implemented by GNAT, and how they can be imported into user application programs.
  • * Representation Clauses and Pragmas, describes in detail the way that GNAT represents data, and in particular the exact set of representation clauses and pragmas that is accepted.
  • * Standard Library Routines, provides a listing of packages and a brief description of the functionality that is provided by Ada’s extensive set of standard library routines as implemented by GNAT.
  • * The Implementation of Standard I/O, details how the GNAT implementation of the input-output facilities.
  • * The GNAT Library, is a catalog of packages that complement the Ada predefined library.
  • * Interfacing to Other Languages, describes how programs written in Ada using GNAT can be interfaced to other programming languages.
  • * Specialized Needs Annexes, describes the GNAT implementation of all of the specialized needs annexes.
  • * Implementation of Specific Ada Features, discusses issues related to GNAT’s implementation of machine code insertions, tasking, and several other features.
  • * Implementation of Ada 2012 Features, describes the status of the GNAT implementation of the Ada 2012 language standard.
  • * Obsolescent Features documents implementation dependent features, including pragmas and attributes, which are considered obsolescent, since there are other preferred ways of achieving the same results. These obsolescent forms are retained for backwards compatibility.
  • * Compatibility and Porting Guide presents some guidelines for developing portable Ada code, describes the compatibility issues that may arise between GNAT and other Ada compilation systems (including those for Ada 83), and shows how GNAT can expedite porting applications developed in other Ada environments.
  • * GNU Free Documentation License contains the license for this document.

This reference manual assumes a basic familiarity with the Ada 95 language, as described in the International Standard ANSI/ISO/IEC-8652:1995. It does not require knowledge of the new features introduced by Ada 2005 or Ada 2012. All three reference manuals are included in the GNAT documentation package.


1.2 Conventions

Following are examples of the typographical and graphic conventions used in this guide:

  • * Functions, utility program names, standard names, and classes.
  • * Option flags
  • * File names
  • * Variables
  • * `Emphasis'
  • * [optional information or parameters]
  • * Examples are described by text
    and then shown this way.
    
  • * Commands that are entered by the user are shown as preceded by a prompt string comprising the $ character followed by a space.

2 Implementation Defined Pragmas

Ada defines a set of pragmas that can be used to supply additional information to the compiler. These language defined pragmas are implemented in GNAT and work as described in the Ada Reference Manual.

In addition, Ada allows implementations to define additional pragmas whose meaning is defined by the implementation. GNAT provides a number of these implementation-defined pragmas, which can be used to extend and enhance the functionality of the compiler. This section of the GNAT Reference Manual describes these additional pragmas.

Note that any program using these pragmas might not be portable to other compilers (although GNAT implements this set of pragmas on all platforms). Therefore if portability to other compilers is an important consideration, the use of these pragmas should be minimized.


2.1 Pragma Abort_Defer

Syntax:

pragma Abort_Defer;

This pragma must appear at the start of the statement sequence of a handled sequence of statements (right after the begin). It has the effect of deferring aborts for the sequence of statements (but not for the declarations or handlers, if any, associated with this statement sequence). This can also be useful for adding a polling point in Ada code, where asynchronous abort of tasks is checked when leaving the statement sequence, and is lighter than, for example, using delay 0.0;, since with zero-cost exception handling, propagating exceptions (implicitly used to implement task abort) cannot be done reliably in an asynchronous way.

An example of usage would be:

--  Add a polling point to check for task aborts

begin
   pragma Abort_Defer;
end;

2.2 Pragma Abstract_State

Syntax:

pragma Abstract_State (ABSTRACT_STATE_LIST);

ABSTRACT_STATE_LIST ::=
     null
  |  STATE_NAME_WITH_OPTIONS
  | (STATE_NAME_WITH_OPTIONS {, STATE_NAME_WITH_OPTIONS} )

STATE_NAME_WITH_OPTIONS ::=
     STATE_NAME
  | (STATE_NAME with OPTION_LIST)

OPTION_LIST ::= OPTION {, OPTION}

OPTION ::=
    SIMPLE_OPTION
  | NAME_VALUE_OPTION

SIMPLE_OPTION ::= Ghost | Synchronous

NAME_VALUE_OPTION ::=
    Part_Of => ABSTRACT_STATE
  | External [=> EXTERNAL_PROPERTY_LIST]

EXTERNAL_PROPERTY_LIST ::=
     EXTERNAL_PROPERTY
  | (EXTERNAL_PROPERTY {, EXTERNAL_PROPERTY} )

EXTERNAL_PROPERTY ::=
    Async_Readers    [=> boolean_EXPRESSION]
  | Async_Writers    [=> boolean_EXPRESSION]
  | Effective_Reads  [=> boolean_EXPRESSION]
  | Effective_Writes [=> boolean_EXPRESSION]
    others            => boolean_EXPRESSION

STATE_NAME ::= defining_identifier

ABSTRACT_STATE ::= name

For the semantics of this pragma, see the entry for aspect Abstract_State in the SPARK 2014 Reference Manual, section 7.1.4.


2.3 Pragma Ada_83

Syntax:

pragma Ada_83;

A configuration pragma that establishes Ada 83 mode for the unit to which it applies, regardless of the mode set by the command line switches. In Ada 83 mode, GNAT attempts to be as compatible with the syntax and semantics of Ada 83, as defined in the original Ada 83 Reference Manual as possible. In particular, the keywords added by Ada 95 and Ada 2005 are not recognized, optional package bodies are allowed, and generics may name types with unknown discriminants without using the (<>) notation. In addition, some but not all of the additional restrictions of Ada 83 are enforced.

Ada 83 mode is intended for two purposes. Firstly, it allows existing Ada 83 code to be compiled and adapted to GNAT with less effort. Secondly, it aids in keeping code backwards compatible with Ada 83. However, there is no guarantee that code that is processed correctly by GNAT in Ada 83 mode will in fact compile and execute with an Ada 83 compiler, since GNAT does not enforce all the additional checks required by Ada 83.


2.4 Pragma Ada_95

Syntax:

pragma Ada_95;

A configuration pragma that establishes Ada 95 mode for the unit to which it applies, regardless of the mode set by the command line switches. This mode is set automatically for the Ada and System packages and their children, so you need not specify it in these contexts. This pragma is useful when writing a reusable component that itself uses Ada 95 features, but which is intended to be usable from either Ada 83 or Ada 95 programs.


2.5 Pragma Ada_05

Syntax:

pragma Ada_05;
pragma Ada_05 (local_NAME);

A configuration pragma that establishes Ada 2005 mode for the unit to which it applies, regardless of the mode set by the command line switches. This pragma is useful when writing a reusable component that itself uses Ada 2005 features, but which is intended to be usable from either Ada 83 or Ada 95 programs.

The one argument form (which is not a configuration pragma) is used for managing the transition from Ada 95 to Ada 2005 in the run-time library. If an entity is marked as Ada_2005 only, then referencing the entity in Ada_83 or Ada_95 mode will generate a warning. In addition, in Ada_83 or Ada_95 mode, a preference rule is established which does not choose such an entity unless it is unambiguously specified. This avoids extra subprograms marked this way from generating ambiguities in otherwise legal pre-Ada_2005 programs. The one argument form is intended for exclusive use in the GNAT run-time library.


2.6 Pragma Ada_2005

Syntax:

pragma Ada_2005;

This configuration pragma is a synonym for pragma Ada_05 and has the same syntax and effect.


2.7 Pragma Ada_12

Syntax:

pragma Ada_12;
pragma Ada_12 (local_NAME);

A configuration pragma that establishes Ada 2012 mode for the unit to which it applies, regardless of the mode set by the command line switches. This mode is set automatically for the Ada and System packages and their children, so you need not specify it in these contexts. This pragma is useful when writing a reusable component that itself uses Ada 2012 features, but which is intended to be usable from Ada 83, Ada 95, or Ada 2005 programs.

The one argument form, which is not a configuration pragma, is used for managing the transition from Ada 2005 to Ada 2012 in the run-time library. If an entity is marked as Ada_2012 only, then referencing the entity in any pre-Ada_2012 mode will generate a warning. In addition, in any pre-Ada_2012 mode, a preference rule is established which does not choose such an entity unless it is unambiguously specified. This avoids extra subprograms marked this way from generating ambiguities in otherwise legal pre-Ada_2012 programs. The one argument form is intended for exclusive use in the GNAT run-time library.


2.8 Pragma Ada_2012

Syntax:

pragma Ada_2012;

This configuration pragma is a synonym for pragma Ada_12 and has the same syntax and effect.


2.9 Pragma Aggregate_Individually_Assign

Syntax:

pragma Aggregate_Individually_Assign;

Where possible, GNAT will store the binary representation of a record aggregate in memory for space and performance reasons. This configuration pragma changes this behavior so that record aggregates are instead always converted into individual assignment statements.


2.10 Pragma Allow_Integer_Address

Syntax:

pragma Allow_Integer_Address;

In almost all versions of GNAT, System.Address is a private type in accordance with the implementation advice in the RM. This means that integer values, in particular integer literals, are not allowed as address values. If the configuration pragma Allow_Integer_Address is given, then integer expressions may be used anywhere a value of type System.Address is required. The effect is to introduce an implicit unchecked conversion from the integer value to type System.Address. The reverse case of using an address where an integer type is required is handled analogously. The following example compiles without errors:

pragma Allow_Integer_Address;
with System; use System;
package AddrAsInt is
   X : Integer;
   Y : Integer;
   for X'Address use 16#1240#;
   for Y use at 16#3230#;
   m : Address := 16#4000#;
   n : constant Address := 4000;
   p : constant Address := Address (X + Y);
   v : Integer := y'Address;
   w : constant Integer := Integer (Y'Address);
   type R is new integer;
   RR : R := 1000;
   Z : Integer;
   for Z'Address use RR;
end AddrAsInt;

Note that pragma Allow_Integer_Address is ignored if System.Address is not a private type. In implementations of GNAT where System.Address is a visible integer type, this pragma serves no purpose but is ignored rather than rejected to allow common sets of sources to be used in the two situations.


2.11 Pragma Annotate

Syntax:

pragma Annotate (IDENTIFIER [, IDENTIFIER {, ARG}] [, entity => local_NAME]);

ARG ::= NAME | EXPRESSION

This pragma is used to annotate programs. IDENTIFIER identifies the type of annotation. GNAT verifies that it is an identifier, but does not otherwise analyze it. The second optional identifier is also left unanalyzed, and by convention is used to control the action of the tool to which the annotation is addressed. The remaining ARG arguments can be either string literals or more generally expressions. String literals (and concatenations of string literals) are assumed to be either of type Standard.String or else Wide_String or Wide_Wide_String depending on the character literals they contain. All other kinds of arguments are analyzed as expressions, and must be unambiguous. The last argument if present must have the identifier Entity and GNAT verifies that a local name is given.

The analyzed pragma is retained in the tree, but not otherwise processed by any part of the GNAT compiler, except to generate corresponding note lines in the generated ALI file. For the format of these note lines, see the compiler source file lib-writ.ads. This pragma is intended for use by external tools, including ASIS. The use of pragma Annotate does not affect the compilation process in any way. This pragma may be used as a configuration pragma.


2.12 Pragma Assert

Syntax:

pragma Assert (
  boolean_EXPRESSION
  [, string_EXPRESSION]);

The effect of this pragma depends on whether the corresponding command line switch is set to activate assertions. The pragma expands into code equivalent to the following:

if assertions-enabled then
   if not boolean_EXPRESSION then
      System.Assertions.Raise_Assert_Failure
        (string_EXPRESSION);
   end if;
end if;

The string argument, if given, is the message that will be associated with the exception occurrence if the exception is raised. If no second argument is given, the default message is file:nnn, where file is the name of the source file containing the assert, and nnn is the line number of the assert.

Note that, as with the if statement to which it is equivalent, the type of the expression is either Standard.Boolean, or any type derived from this standard type.

Assert checks can be either checked or ignored. By default they are ignored. They will be checked if either the command line switch `-gnata' is used, or if an Assertion_Policy or Check_Policy pragma is used to enable Assert_Checks.

If assertions are ignored, then there is no run-time effect (and in particular, any side effects from the expression will not occur at run time). (The expression is still analyzed at compile time, and may cause types to be frozen if they are mentioned here for the first time).

If assertions are checked, then the given expression is tested, and if it is False then System.Assertions.Raise_Assert_Failure is called which results in the raising of Assert_Failure with the given message.

You should generally avoid side effects in the expression arguments of this pragma, because these side effects will turn on and off with the setting of the assertions mode, resulting in assertions that have an effect on the program. However, the expressions are analyzed for semantic correctness whether or not assertions are enabled, so turning assertions on and off cannot affect the legality of a program.

Note that the implementation defined policy DISABLE, given in a pragma Assertion_Policy, can be used to suppress this semantic analysis.

Note: this is a standard language-defined pragma in versions of Ada from 2005 on. In GNAT, it is implemented in all versions of Ada, and the DISABLE policy is an implementation-defined addition.


2.13 Pragma Assert_And_Cut

Syntax:

pragma Assert_And_Cut (
  boolean_EXPRESSION
  [, string_EXPRESSION]);

The effect of this pragma is identical to that of pragma Assert, except that in an Assertion_Policy pragma, the identifier Assert_And_Cut is used to control whether it is ignored or checked (or disabled).

The intention is that this be used within a subprogram when the given test expresion sums up all the work done so far in the subprogram, so that the rest of the subprogram can be verified (informally or formally) using only the entry preconditions, and the expression in this pragma. This allows dividing up a subprogram into sections for the purposes of testing or formal verification. The pragma also serves as useful documentation.


2.14 Pragma Assertion_Policy

Syntax:

pragma Assertion_Policy (CHECK | DISABLE | IGNORE | SUPPRESSIBLE);

pragma Assertion_Policy (
    ASSERTION_KIND => POLICY_IDENTIFIER
 {, ASSERTION_KIND => POLICY_IDENTIFIER});

ASSERTION_KIND ::= RM_ASSERTION_KIND | ID_ASSERTION_KIND

RM_ASSERTION_KIND ::= Assert                    |
                      Static_Predicate          |
                      Dynamic_Predicate         |
                      Pre                       |
                      Pre'Class                 |
                      Post                      |
                      Post'Class                |
                      Type_Invariant            |
                      Type_Invariant'Class      |
                      Default_Initial_Condition

ID_ASSERTION_KIND ::= Assertions           |
                      Assert_And_Cut       |
                      Assume               |
                      Contract_Cases       |
                      Debug                |
                      Ghost                |
                      Initial_Condition    |
                      Invariant            |
                      Invariant'Class      |
                      Loop_Invariant       |
                      Loop_Variant         |
                      Postcondition        |
                      Precondition         |
                      Predicate            |
                      Refined_Post         |
                      Statement_Assertions |
                      Subprogram_Variant

POLICY_IDENTIFIER ::= Check | Disable | Ignore | Suppressible

This is a standard Ada 2012 pragma that is available as an implementation-defined pragma in earlier versions of Ada. The assertion kinds RM_ASSERTION_KIND are those defined in the Ada standard. The assertion kinds ID_ASSERTION_KIND are implementation defined additions recognized by the GNAT compiler.

The pragma applies in both cases to pragmas and aspects with matching names, e.g. Pre applies to the Pre aspect, and Precondition applies to both the Precondition pragma and the aspect Precondition. Note that the identifiers for pragmas Pre_Class and Post_Class are Pre’Class and Post’Class (not Pre_Class and Post_Class), since these pragmas are intended to be identical to the corresponding aspects).

If the policy is CHECK, then assertions are enabled, i.e. the corresponding pragma or aspect is activated. If the policy is IGNORE, then assertions are ignored, i.e. the corresponding pragma or aspect is deactivated. This pragma overrides the effect of the `-gnata' switch on the command line. If the policy is SUPPRESSIBLE, then assertions are enabled by default, however, if the `-gnatp' switch is specified all assertions are ignored.

The implementation defined policy DISABLE is like IGNORE except that it completely disables semantic checking of the corresponding pragma or aspect. This is useful when the pragma or aspect argument references subprograms in a with’ed package which is replaced by a dummy package for the final build.

The implementation defined assertion kind Assertions applies to all assertion kinds. The form with no assertion kind given implies this choice, so it applies to all assertion kinds (RM defined, and implementation defined).

The implementation defined assertion kind Statement_Assertions applies to Assert, Assert_And_Cut, Assume, Loop_Invariant, and Loop_Variant.


2.15 Pragma Assume

Syntax:

pragma Assume (
  boolean_EXPRESSION
  [, string_EXPRESSION]);

The effect of this pragma is identical to that of pragma Assert, except that in an Assertion_Policy pragma, the identifier Assume is used to control whether it is ignored or checked (or disabled).

The intention is that this be used for assumptions about the external environment. So you cannot expect to verify formally or informally that the condition is met, this must be established by examining things outside the program itself. For example, we may have code that depends on the size of Long_Long_Integer being at least 64. So we could write:

pragma Assume (Long_Long_Integer'Size >= 64);

This assumption cannot be proved from the program itself, but it acts as a useful run-time check that the assumption is met, and documents the need to ensure that it is met by reference to information outside the program.


2.16 Pragma Assume_No_Invalid_Values

Syntax:

pragma Assume_No_Invalid_Values (On | Off);

This is a configuration pragma that controls the assumptions made by the compiler about the occurrence of invalid representations (invalid values) in the code.

The default behavior (corresponding to an Off argument for this pragma), is to assume that values may in general be invalid unless the compiler can prove they are valid. Consider the following example:

V1 : Integer range 1 .. 10;
V2 : Integer range 11 .. 20;
...
for J in V2 .. V1 loop
   ...
end loop;

if V1 and V2 have valid values, then the loop is known at compile time not to execute since the lower bound must be greater than the upper bound. However in default mode, no such assumption is made, and the loop may execute. If Assume_No_Invalid_Values (On) is given, the compiler will assume that any occurrence of a variable other than in an explicit 'Valid test always has a valid value, and the loop above will be optimized away.

The use of Assume_No_Invalid_Values (On) is appropriate if you know your code is free of uninitialized variables and other possible sources of invalid representations, and may result in more efficient code. A program that accesses an invalid representation with this pragma in effect is erroneous, so no guarantees can be made about its behavior.

It is peculiar though permissible to use this pragma in conjunction with validity checking (-gnatVa). In such cases, accessing invalid values will generally give an exception, though formally the program is erroneous so there are no guarantees that this will always be the case, and it is recommended that these two options not be used together.


2.17 Pragma Async_Readers

Syntax:

pragma Async_Readers [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Async_Readers in the SPARK 2014 Reference Manual, section 7.1.2.


2.18 Pragma Async_Writers

Syntax:

pragma Async_Writers [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Async_Writers in the SPARK 2014 Reference Manual, section 7.1.2.


2.19 Pragma Attribute_Definition

Syntax:

pragma Attribute_Definition
  ([Attribute  =>] ATTRIBUTE_DESIGNATOR,
   [Entity     =>] LOCAL_NAME,
   [Expression =>] EXPRESSION | NAME);

If Attribute is a known attribute name, this pragma is equivalent to the attribute definition clause:

for Entity'Attribute use Expression;

If Attribute is not a recognized attribute name, the pragma is ignored, and a warning is emitted. This allows source code to be written that takes advantage of some new attribute, while remaining compilable with earlier compilers.


2.20 Pragma C_Pass_By_Copy

Syntax:

pragma C_Pass_By_Copy
  ([Max_Size =>] static_integer_EXPRESSION);

Normally the default mechanism for passing C convention records to C convention subprograms is to pass them by reference, as suggested by RM B.3(69). Use the configuration pragma C_Pass_By_Copy to change this default, by requiring that record formal parameters be passed by copy if all of the following conditions are met:

  • * The size of the record type does not exceed the value specified for Max_Size.
  • * The record type has Convention C.
  • * The formal parameter has this record type, and the subprogram has a foreign (non-Ada) convention.

If these conditions are met the argument is passed by copy; i.e., in a manner consistent with what C expects if the corresponding formal in the C prototype is a struct (rather than a pointer to a struct).

You can also pass records by copy by specifying the convention C_Pass_By_Copy for the record type, or by using the extended Import and Export pragmas, which allow specification of passing mechanisms on a parameter by parameter basis.


2.21 Pragma Check

Syntax:

pragma Check (
     [Name    =>] CHECK_KIND,
     [Check   =>] Boolean_EXPRESSION
  [, [Message =>] string_EXPRESSION] );

CHECK_KIND ::= IDENTIFIER           |
               Pre'Class            |
               Post'Class           |
               Type_Invariant'Class |
               Invariant'Class

This pragma is similar to the predefined pragma Assert except that an extra identifier argument is present. In conjunction with pragma Check_Policy, this can be used to define groups of assertions that can be independently controlled. The identifier Assertion is special, it refers to the normal set of pragma Assert statements.

Checks introduced by this pragma are normally deactivated by default. They can be activated either by the command line option `-gnata', which turns on all checks, or individually controlled using pragma Check_Policy.

The identifiers Assertions and Statement_Assertions are not permitted as check kinds, since this would cause confusion with the use of these identifiers in Assertion_Policy and Check_Policy pragmas, where they are used to refer to sets of assertions.


2.22 Pragma Check_Float_Overflow

Syntax:

pragma Check_Float_Overflow;

In Ada, the predefined floating-point types (Short_Float, Float, Long_Float, Long_Long_Float) are defined to be `unconstrained'. This means that even though each has a well-defined base range, an operation that delivers a result outside this base range is not required to raise an exception. This implementation permission accommodates the notion of infinities in IEEE floating-point, and corresponds to the efficient execution mode on most machines. GNAT will not raise overflow exceptions on these machines; instead it will generate infinities and NaN’s as defined in the IEEE standard.

Generating infinities, although efficient, is not always desirable. Often the preferable approach is to check for overflow, even at the (perhaps considerable) expense of run-time performance. This can be accomplished by defining your own constrained floating-point subtypes – i.e., by supplying explicit range constraints – and indeed such a subtype can have the same base range as its base type. For example:

subtype My_Float is Float range Float'Range;

Here My_Float has the same range as Float but is constrained, so operations on My_Float values will be checked for overflow against this range.

This style will achieve the desired goal, but it is often more convenient to be able to simply use the standard predefined floating-point types as long as overflow checking could be guaranteed. The Check_Float_Overflow configuration pragma achieves this effect. If a unit is compiled subject to this configuration pragma, then all operations on predefined floating-point types including operations on base types of these floating-point types will be treated as though those types were constrained, and overflow checks will be generated. The Constraint_Error exception is raised if the result is out of range.

This mode can also be set by use of the compiler switch `-gnateF'.


2.23 Pragma Check_Name

Syntax:

pragma Check_Name (check_name_IDENTIFIER);

This is a configuration pragma that defines a new implementation defined check name (unless IDENTIFIER matches one of the predefined check names, in which case the pragma has no effect). Check names are global to a partition, so if two or more configuration pragmas are present in a partition mentioning the same name, only one new check name is introduced.

An implementation defined check name introduced with this pragma may be used in only three contexts: pragma Suppress, pragma Unsuppress, and as the prefix of a Check_Name'Enabled attribute reference. For any of these three cases, the check name must be visible. A check name is visible if it is in the configuration pragmas applying to the current unit, or if it appears at the start of any unit that is part of the dependency set of the current unit (e.g., units that are mentioned in with clauses).

Check names introduced by this pragma are subject to control by compiler switches (in particular -gnatp) in the usual manner.


2.24 Pragma Check_Policy

Syntax:

pragma Check_Policy
 ([Name   =>] CHECK_KIND,
  [Policy =>] POLICY_IDENTIFIER);

pragma Check_Policy (
    CHECK_KIND => POLICY_IDENTIFIER
 {, CHECK_KIND => POLICY_IDENTIFIER});

ASSERTION_KIND ::= RM_ASSERTION_KIND | ID_ASSERTION_KIND

CHECK_KIND ::= IDENTIFIER           |
               Pre'Class            |
               Post'Class           |
               Type_Invariant'Class |
               Invariant'Class

The identifiers Name and Policy are not allowed as CHECK_KIND values. This
avoids confusion between the two possible syntax forms for this pragma.

POLICY_IDENTIFIER ::= ON | OFF | CHECK | DISABLE | IGNORE

This pragma is used to set the checking policy for assertions (specified by aspects or pragmas), the Debug pragma, or additional checks to be checked using the Check pragma. It may appear either as a configuration pragma, or within a declarative part of package. In the latter case, it applies from the point where it appears to the end of the declarative region (like pragma Suppress).

The Check_Policy pragma is similar to the predefined Assertion_Policy pragma, and if the check kind corresponds to one of the assertion kinds that are allowed by Assertion_Policy, then the effect is identical.

If the first argument is Debug, then the policy applies to Debug pragmas, disabling their effect if the policy is OFF, DISABLE, or IGNORE, and allowing them to execute with normal semantics if the policy is ON or CHECK. In addition if the policy is DISABLE, then the procedure call in Debug pragmas will be totally ignored and not analyzed semantically.

Finally the first argument may be some other identifier than the above possibilities, in which case it controls a set of named assertions that can be checked using pragma Check. For example, if the pragma:

pragma Check_Policy (Critical_Error, OFF);

is given, then subsequent Check pragmas whose first argument is also Critical_Error will be disabled.

The check policy is OFF to turn off corresponding checks, and ON to turn on corresponding checks. The default for a set of checks for which no Check_Policy is given is OFF unless the compiler switch `-gnata' is given, which turns on all checks by default.

The check policy settings CHECK and IGNORE are recognized as synonyms for ON and OFF. These synonyms are provided for compatibility with the standard Assertion_Policy pragma. The check policy setting DISABLE causes the second argument of a corresponding Check pragma to be completely ignored and not analyzed.


2.25 Pragma Comment

Syntax:

pragma Comment (static_string_EXPRESSION);

This is almost identical in effect to pragma Ident. It allows the placement of a comment into the object file and hence into the executable file if the operating system permits such usage. The difference is that Comment, unlike Ident, has no limitations on placement of the pragma (it can be placed anywhere in the main source unit), and if more than one pragma is used, all comments are retained.


2.26 Pragma Common_Object

Syntax:

pragma Common_Object (
     [Internal =>] LOCAL_NAME
  [, [External =>] EXTERNAL_SYMBOL]
  [, [Size     =>] EXTERNAL_SYMBOL] );

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION

This pragma enables the shared use of variables stored in overlaid linker areas corresponding to the use of COMMON in Fortran. The single object LOCAL_NAME is assigned to the area designated by the External argument. You may define a record to correspond to a series of fields. The Size argument is syntax checked in GNAT, but otherwise ignored.

Common_Object is not supported on all platforms. If no support is available, then the code generator will issue a message indicating that the necessary attribute for implementation of this pragma is not available.


2.27 Pragma Compile_Time_Error

Syntax:

pragma Compile_Time_Error
         (boolean_EXPRESSION, static_string_EXPRESSION);

This pragma can be used to generate additional compile time error messages. It is particularly useful in generics, where errors can be issued for specific problematic instantiations. The first parameter is a boolean expression. The pragma ensures that the value of an expression is known at compile time, and has the value False. The set of expressions whose values are known at compile time includes all static boolean expressions, and also other values which the compiler can determine at compile time (e.g., the size of a record type set by an explicit size representation clause, or the value of a variable which was initialized to a constant and is known not to have been modified). If these conditions are not met, an error message is generated using the value given as the second argument. This string value may contain embedded ASCII.LF characters to break the message into multiple lines.


2.28 Pragma Compile_Time_Warning

Syntax:

pragma Compile_Time_Warning
         (boolean_EXPRESSION, static_string_EXPRESSION);

Same as pragma Compile_Time_Error, except a warning is issued instead of an error message. If switch `-gnatw_C' is used, a warning is only issued if the value of the expression is known to be True at compile time, not when the value of the expression is not known at compile time. Note that if this pragma is used in a package that is with’ed by a client, the client will get the warning even though it is issued by a with’ed package (normally warnings in with’ed units are suppressed, but this is a special exception to that rule).

One typical use is within a generic where compile time known characteristics of formal parameters are tested, and warnings given appropriately. Another use with a first parameter of True is to warn a client about use of a package, for example that it is not fully implemented.

In previous versions of the compiler, combining `-gnatwe' with Compile_Time_Warning resulted in a fatal error. Now the compiler always emits a warning. You can use Pragma Compile_Time_Error to force the generation of an error.


2.29 Pragma Compiler_Unit

Syntax:

pragma Compiler_Unit;

This pragma is obsolete. It is equivalent to Compiler_Unit_Warning. It is retained so that old versions of the GNAT run-time that use this pragma can be compiled with newer versions of the compiler.


2.30 Pragma Compiler_Unit_Warning

Syntax:

pragma Compiler_Unit_Warning;

This pragma is intended only for internal use in the GNAT run-time library. It indicates that the unit is used as part of the compiler build. The effect is to generate warnings for the use of constructs (for example, conditional expressions) that would cause trouble when bootstrapping using an older version of GNAT. For the exact list of restrictions, see the compiler sources and references to Check_Compiler_Unit.


2.31 Pragma Complete_Representation

Syntax:

pragma Complete_Representation;

This pragma must appear immediately within a record representation clause. Typical placements are before the first component clause or after the last component clause. The effect is to give an error message if any component is missing a component clause. This pragma may be used to ensure that a record representation clause is complete, and that this invariant is maintained if fields are added to the record in the future.


2.32 Pragma Complex_Representation

Syntax:

pragma Complex_Representation
        ([Entity =>] LOCAL_NAME);

The Entity argument must be the name of a record type which has two fields of the same floating-point type. The effect of this pragma is to force gcc to use the special internal complex representation form for this record, which may be more efficient. Note that this may result in the code for this type not conforming to standard ABI (application binary interface) requirements for the handling of record types. For example, in some environments, there is a requirement for passing records by pointer, and the use of this pragma may result in passing this type in floating-point registers.


2.33 Pragma Component_Alignment

Syntax:

pragma Component_Alignment (
     [Form =>] ALIGNMENT_CHOICE
  [, [Name =>] type_LOCAL_NAME]);

ALIGNMENT_CHOICE ::=
  Component_Size
| Component_Size_4
| Storage_Unit
| Default

Specifies the alignment of components in array or record types. The meaning of the Form argument is as follows:

`Component_Size'

Aligns scalar components and subcomponents of the array or record type on boundaries appropriate to their inherent size (naturally aligned). For example, 1-byte components are aligned on byte boundaries, 2-byte integer components are aligned on 2-byte boundaries, 4-byte integer components are aligned on 4-byte boundaries and so on. These alignment rules correspond to the normal rules for C compilers on all machines except the VAX.

`Component_Size_4'

Naturally aligns components with a size of four or fewer bytes. Components that are larger than 4 bytes are placed on the next 4-byte boundary.

`Storage_Unit'

Specifies that array or record components are byte aligned, i.e., aligned on boundaries determined by the value of the constant System.Storage_Unit.

`Default'

Specifies that array or record components are aligned on default boundaries, appropriate to the underlying hardware or operating system or both. The Default choice is the same as Component_Size (natural alignment).

If the Name parameter is present, type_LOCAL_NAME must refer to a local record or array type, and the specified alignment choice applies to the specified type. The use of Component_Alignment together with a pragma Pack causes the Component_Alignment pragma to be ignored. The use of Component_Alignment together with a record representation clause is only effective for fields not specified by the representation clause.

If the Name parameter is absent, the pragma can be used as either a configuration pragma, in which case it applies to one or more units in accordance with the normal rules for configuration pragmas, or it can be used within a declarative part, in which case it applies to types that are declared within this declarative part, or within any nested scope within this declarative part. In either case it specifies the alignment to be applied to any record or array type which has otherwise standard representation.

If the alignment for a record or array type is not specified (using pragma Pack, pragma Component_Alignment, or a record rep clause), the GNAT uses the default alignment as described previously.


2.34 Pragma Constant_After_Elaboration

Syntax:

pragma Constant_After_Elaboration [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Constant_After_Elaboration in the SPARK 2014 Reference Manual, section 3.3.1.


2.35 Pragma Contract_Cases

Syntax:

pragma Contract_Cases ((CONTRACT_CASE {, CONTRACT_CASE));

CONTRACT_CASE ::= CASE_GUARD => CONSEQUENCE

CASE_GUARD ::= boolean_EXPRESSION | others

CONSEQUENCE ::= boolean_EXPRESSION

The Contract_Cases pragma allows defining fine-grain specifications that can complement or replace the contract given by a precondition and a postcondition. Additionally, the Contract_Cases pragma can be used by testing and formal verification tools. The compiler checks its validity and, depending on the assertion policy at the point of declaration of the pragma, it may insert a check in the executable. For code generation, the contract cases

pragma Contract_Cases (
  Cond1 => Pred1,
  Cond2 => Pred2);

are equivalent to

C1 : constant Boolean := Cond1;  --  evaluated at subprogram entry
C2 : constant Boolean := Cond2;  --  evaluated at subprogram entry
pragma Precondition ((C1 and not C2) or (C2 and not C1));
pragma Postcondition (if C1 then Pred1);
pragma Postcondition (if C2 then Pred2);

The precondition ensures that one and only one of the case guards is satisfied on entry to the subprogram. The postcondition ensures that for the case guard that was True on entry, the corresponding consequence is True on exit. Other consequence expressions are not evaluated.

A precondition P and postcondition Q can also be expressed as contract cases:

pragma Contract_Cases (P => Q);

The placement and visibility rules for Contract_Cases pragmas are identical to those described for preconditions and postconditions.

The compiler checks that boolean expressions given in case guards and consequences are valid, where the rules for case guards are the same as the rule for an expression in Precondition and the rules for consequences are the same as the rule for an expression in Postcondition. In particular, attributes 'Old and 'Result can only be used within consequence expressions. The case guard for the last contract case may be others, to denote any case not captured by the previous cases. The following is an example of use within a package spec:

package Math_Functions is
   ...
   function Sqrt (Arg : Float) return Float;
   pragma Contract_Cases (((Arg in 0.0 .. 99.0) => Sqrt'Result < 10.0,
                           Arg >= 100.0         => Sqrt'Result >= 10.0,
                           others               => Sqrt'Result = 0.0));
   ...
end Math_Functions;

The meaning of contract cases is that only one case should apply at each call, as determined by the corresponding case guard evaluating to True, and that the consequence for this case should hold when the subprogram returns.


2.36 Pragma Convention_Identifier

Syntax:

pragma Convention_Identifier (
         [Name =>]       IDENTIFIER,
         [Convention =>] convention_IDENTIFIER);

This pragma provides a mechanism for supplying synonyms for existing convention identifiers. The Name identifier can subsequently be used as a synonym for the given convention in other pragmas (including for example pragma Import or another Convention_Identifier pragma). As an example of the use of this, suppose you had legacy code which used Fortran77 as the identifier for Fortran. Then the pragma:

pragma Convention_Identifier (Fortran77, Fortran);

would allow the use of the convention identifier Fortran77 in subsequent code, avoiding the need to modify the sources. As another example, you could use this to parameterize convention requirements according to systems. Suppose you needed to use Stdcall on windows systems, and C on some other system, then you could define a convention identifier Library and use a single Convention_Identifier pragma to specify which convention would be used system-wide.


2.37 Pragma CPP_Class

Syntax:

pragma CPP_Class ([Entity =>] LOCAL_NAME);

The argument denotes an entity in the current declarative region that is declared as a record type. It indicates that the type corresponds to an externally declared C++ class type, and is to be laid out the same way that C++ would lay out the type. If the C++ class has virtual primitives then the record must be declared as a tagged record type.

Types for which CPP_Class is specified do not have assignment or equality operators defined (such operations can be imported or declared as subprograms as required). Initialization is allowed only by constructor functions (see pragma CPP_Constructor). Such types are implicitly limited if not explicitly declared as limited or derived from a limited type, and an error is issued in that case.

See Interfacing to C++ for related information.

Note: Pragma CPP_Class is currently obsolete. It is supported for backward compatibility but its functionality is available using pragma Import with Convention = CPP.


2.38 Pragma CPP_Constructor

Syntax:

pragma CPP_Constructor ([Entity =>] LOCAL_NAME
  [, [External_Name =>] static_string_EXPRESSION ]
  [, [Link_Name     =>] static_string_EXPRESSION ]);

This pragma identifies an imported function (imported in the usual way with pragma Import) as corresponding to a C++ constructor. If External_Name and Link_Name are not specified then the Entity argument is a name that must have been previously mentioned in a pragma Import with Convention = CPP. Such name must be of one of the following forms:

  • * `function' Fname `return' T‘
  • * `function' Fname `return' T’Class
  • * `function' Fname (...) `return' T‘
  • * `function' Fname (...) `return' T’Class

where T is a limited record type imported from C++ with pragma Import and Convention = CPP.

The first two forms import the default constructor, used when an object of type T is created on the Ada side with no explicit constructor. The latter two forms cover all the non-default constructors of the type. See the GNAT User’s Guide for details.

If no constructors are imported, it is impossible to create any objects on the Ada side and the type is implicitly declared abstract.

Pragma CPP_Constructor is intended primarily for automatic generation using an automatic binding generator tool (such as the -fdump-ada-spec GCC switch). See Interfacing to C++ for more related information.

Note: The use of functions returning class-wide types for constructors is currently obsolete. They are supported for backward compatibility. The use of functions returning the type T leave the Ada sources more clear because the imported C++ constructors always return an object of type T; that is, they never return an object whose type is a descendant of type T.


2.39 Pragma CPP_Virtual

This pragma is now obsolete and, other than generating a warning if warnings on obsolescent features are enabled, is completely ignored. It is retained for compatibility purposes. It used to be required to ensure compoatibility with C++, but is no longer required for that purpose because GNAT generates the same object layout as the G++ compiler by default.

See Interfacing to C++ for related information.


2.40 Pragma CPP_Vtable

This pragma is now obsolete and, other than generating a warning if warnings on obsolescent features are enabled, is completely ignored. It used to be required to ensure compatibility with C++, but is no longer required for that purpose because GNAT generates the same object layout as the G++ compiler by default.

See Interfacing to C++ for related information.


2.41 Pragma CPU

Syntax:

pragma CPU (EXPRESSION);

This pragma is standard in Ada 2012, but is available in all earlier versions of Ada as an implementation-defined pragma. See Ada 2012 Reference Manual for details.


2.42 Pragma Deadline_Floor

Syntax:

pragma Deadline_Floor (time_span_EXPRESSION);

This pragma applies only to protected types and specifies the floor deadline inherited by a task when the task enters a protected object. It is effective only when the EDF scheduling policy is used.


2.43 Pragma Default_Initial_Condition

Syntax:

pragma Default_Initial_Condition [ (null | boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Default_Initial_Condition in the SPARK 2014 Reference Manual, section 7.3.3.


2.44 Pragma Debug

Syntax:

pragma Debug ([CONDITION, ]PROCEDURE_CALL_WITHOUT_SEMICOLON);

PROCEDURE_CALL_WITHOUT_SEMICOLON ::=
  PROCEDURE_NAME
| PROCEDURE_PREFIX ACTUAL_PARAMETER_PART

The procedure call argument has the syntactic form of an expression, meeting the syntactic requirements for pragmas.

If debug pragmas are not enabled or if the condition is present and evaluates to False, this pragma has no effect. If debug pragmas are enabled, the semantics of the pragma is exactly equivalent to the procedure call statement corresponding to the argument with a terminating semicolon. Pragmas are permitted in sequences of declarations, so you can use pragma Debug to intersperse calls to debug procedures in the middle of declarations. Debug pragmas can be enabled either by use of the command line switch `-gnata' or by use of the pragma Check_Policy with a first argument of Debug.


2.45 Pragma Debug_Policy

Syntax:

pragma Debug_Policy (CHECK | DISABLE | IGNORE | ON | OFF);

This pragma is equivalent to a corresponding Check_Policy pragma with a first argument of Debug. It is retained for historical compatibility reasons.


2.46 Pragma Default_Scalar_Storage_Order

Syntax:

pragma Default_Scalar_Storage_Order (High_Order_First | Low_Order_First);

Normally if no explicit Scalar_Storage_Order is given for a record type or array type, then the scalar storage order defaults to the ordinary default for the target. But this default may be overridden using this pragma. The pragma may appear as a configuration pragma, or locally within a package spec or declarative part. In the latter case, it applies to all subsequent types declared within that package spec or declarative part.

The following example shows the use of this pragma:

pragma Default_Scalar_Storage_Order (High_Order_First);
with System; use System;
package DSSO1 is
   type H1 is record
      a : Integer;
   end record;

   type L2 is record
      a : Integer;
   end record;
   for L2'Scalar_Storage_Order use Low_Order_First;

   type L2a is new L2;

   package Inner is
      type H3 is record
         a : Integer;
      end record;

      pragma Default_Scalar_Storage_Order (Low_Order_First);

      type L4 is record
         a : Integer;
      end record;
   end Inner;

   type H4a is new Inner.L4;

   type H5 is record
      a : Integer;
   end record;
end DSSO1;

In this example record types with names starting with `L' have Low_Order_First scalar storage order, and record types with names starting with `H' have High_Order_First. Note that in the case of H4a, the order is not inherited from the parent type. Only an explicitly set Scalar_Storage_Order gets inherited on type derivation.

If this pragma is used as a configuration pragma which appears within a configuration pragma file (as opposed to appearing explicitly at the start of a single unit), then the binder will require that all units in a partition be compiled in a similar manner, other than run-time units, which are not affected by this pragma. Note that the use of this form is discouraged because it may significantly degrade the run-time performance of the software, instead the default scalar storage order ought to be changed only on a local basis.


2.47 Pragma Default_Storage_Pool

Syntax:

pragma Default_Storage_Pool (storage_pool_NAME | null);

This pragma is standard in Ada 2012, but is available in all earlier versions of Ada as an implementation-defined pragma. See Ada 2012 Reference Manual for details.


2.48 Pragma Depends

Syntax:

pragma Depends (DEPENDENCY_RELATION);

DEPENDENCY_RELATION ::=
     null
  | (DEPENDENCY_CLAUSE {, DEPENDENCY_CLAUSE})

DEPENDENCY_CLAUSE ::=
    OUTPUT_LIST =>[+] INPUT_LIST
  | NULL_DEPENDENCY_CLAUSE

NULL_DEPENDENCY_CLAUSE ::= null => INPUT_LIST

OUTPUT_LIST ::= OUTPUT | (OUTPUT {, OUTPUT})

INPUT_LIST ::= null | INPUT | (INPUT {, INPUT})

OUTPUT ::= NAME | FUNCTION_RESULT
INPUT  ::= NAME

where FUNCTION_RESULT is a function Result attribute_reference

For the semantics of this pragma, see the entry for aspect Depends in the SPARK 2014 Reference Manual, section 6.1.5.


2.49 Pragma Detect_Blocking

Syntax:

pragma Detect_Blocking;

This is a standard pragma in Ada 2005, that is available in all earlier versions of Ada as an implementation-defined pragma.

This is a configuration pragma that forces the detection of potentially blocking operations within a protected operation, and to raise Program_Error if that happens.


2.50 Pragma Disable_Atomic_Synchronization

Syntax:

pragma Disable_Atomic_Synchronization [(Entity)];

Ada requires that accesses (reads or writes) of an atomic variable be regarded as synchronization points in the case of multiple tasks. Particularly in the case of multi-processors this may require special handling, e.g. the generation of memory barriers. This capability may be turned off using this pragma in cases where it is known not to be required.

The placement and scope rules for this pragma are the same as those for pragma Suppress. In particular it can be used as a configuration pragma, or in a declaration sequence where it applies till the end of the scope. If an Entity argument is present, the action applies only to that entity.


2.51 Pragma Dispatching_Domain

Syntax:

pragma Dispatching_Domain (EXPRESSION);

This pragma is standard in Ada 2012, but is available in all earlier versions of Ada as an implementation-defined pragma. See Ada 2012 Reference Manual for details.


2.52 Pragma Effective_Reads

Syntax:

pragma Effective_Reads [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Effective_Reads in the SPARK 2014 Reference Manual, section 7.1.2.


2.53 Pragma Effective_Writes

Syntax:

pragma Effective_Writes [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Effective_Writes in the SPARK 2014 Reference Manual, section 7.1.2.


2.54 Pragma Elaboration_Checks

Syntax:

pragma Elaboration_Checks (Dynamic | Static);

This is a configuration pragma which specifies the elaboration model to be used during compilation. For more information on the elaboration models of GNAT, consult the chapter on elaboration order handling in the `GNAT User’s Guide'.

The pragma may appear in the following contexts:

  • * Configuration pragmas file
  • * Prior to the context clauses of a compilation unit’s initial declaration

Any other placement of the pragma will result in a warning and the effects of the offending pragma will be ignored.

If the pragma argument is Dynamic, then the dynamic elaboration model is in effect. If the pragma argument is Static, then the static elaboration model is in effect.


2.55 Pragma Eliminate

Syntax:

pragma Eliminate (
            [  Unit_Name       => ] IDENTIFIER | SELECTED_COMPONENT ,
            [  Entity          => ] IDENTIFIER |
                                    SELECTED_COMPONENT |
                                    STRING_LITERAL
            [, Source_Location =>   SOURCE_TRACE ] );

        SOURCE_TRACE    ::= STRING_LITERAL

This pragma indicates that the given entity is not used in the program to be compiled and built, thus allowing the compiler to eliminate the code or data associated with the named entity. Any reference to an eliminated entity causes a compile-time or link-time error.

The pragma has the following semantics, where U is the unit specified by the Unit_Name argument and E is the entity specified by the Entity argument:

  • * E must be a subprogram that is explicitly declared either:

    o Within U, or

    o Within a generic package that is instantiated in U, or

    o As an instance of generic subprogram instantiated in U.

    Otherwise the pragma is ignored.

  • * If E is overloaded within U then, in the absence of a Source_Location argument, all overloadings are eliminated.
  • * If E is overloaded within U and only some overloadings are to be eliminated, then each overloading to be eliminated must be specified in a corresponding pragma Eliminate with a Source_Location argument identifying the line where the declaration appears, as described below.
  • * If E is declared as the result of a generic instantiation, then a Source_Location argument is needed, as described below

Pragma Eliminate allows a program to be compiled in a system-independent manner, so that unused entities are eliminated but without needing to modify the source text. Normally the required set of Eliminate pragmas is constructed automatically using the gnatelim tool.

Any source file change that removes, splits, or adds lines may make the set of Eliminate pragmas invalid because their Source_Location argument values may get out of date.

Pragma Eliminate may be used where the referenced entity is a dispatching operation. In this case all the subprograms to which the given operation can dispatch are considered to be unused (are never called as a result of a direct or a dispatching call).

The string literal given for the source location specifies the line number of the declaration of the entity, using the following syntax for SOURCE_TRACE:

SOURCE_TRACE     ::= SOURCE_REFERENCE [ LBRACKET SOURCE_TRACE RBRACKET ]

LBRACKET         ::= '['
RBRACKET         ::= ']'

SOURCE_REFERENCE ::= FILE_NAME : LINE_NUMBER

LINE_NUMBER      ::= DIGIT {DIGIT}

Spaces around the colon in a SOURCE_REFERENCE are optional.

The source trace that is given as the Source_Location must obey the following rules (or else the pragma is ignored), where U is the unit U specified by the Unit_Name argument and E is the subprogram specified by the Entity argument:

  • * FILE_NAME is the short name (with no directory information) of the Ada source file for U, using the required syntax for the underlying file system (e.g. case is significant if the underlying operating system is case sensitive). If U is a package and E is a subprogram declared in the package specification and its full declaration appears in the package body, then the relevant source file is the one for the package specification; analogously if U is a generic package.
  • * If E is not declared in a generic instantiation (this includes generic subprogram instances), the source trace includes only one source line reference. LINE_NUMBER gives the line number of the occurrence of the declaration of E within the source file (as a decimal literal without an exponent or point).
  • * If E is declared by a generic instantiation, its source trace (from left to right) starts with the source location of the declaration of E in the generic unit and ends with the source location of the instantiation, given in square brackets. This approach is applied recursively with nested instantiations: the rightmost (nested most deeply in square brackets) element of the source trace is the location of the outermost instantiation, and the leftmost element (that is, outside of any square brackets) is the location of the declaration of E in the generic unit.

Examples:

pragma Eliminate (Pkg0, Proc);
-- Eliminate (all overloadings of) Proc in Pkg0

pragma Eliminate (Pkg1, Proc,
                  Source_Location => "pkg1.ads:8");
-- Eliminate overloading of Proc at line 8 in pkg1.ads

-- Assume the following file contents:
--   gen_pkg.ads
--   1: generic
--   2:   type T is private;
--   3: package Gen_Pkg is
--   4:   procedure Proc(N : T);
--  ...   ...
--  ... end Gen_Pkg;
--
--    q.adb
--   1: with Gen_Pkg;
--   2: procedure Q is
--   3:   package Inst_Pkg is new Gen_Pkg(Integer);
--  ...   -- No calls on Inst_Pkg.Proc
--  ... end Q;

-- The following pragma eliminates Inst_Pkg.Proc from Q
pragma Eliminate (Q, Proc,
                  Source_Location => "gen_pkg.ads:4[q.adb:3]");

2.56 Pragma Enable_Atomic_Synchronization

Syntax:

pragma Enable_Atomic_Synchronization [(Entity)];

Ada requires that accesses (reads or writes) of an atomic variable be regarded as synchronization points in the case of multiple tasks. Particularly in the case of multi-processors this may require special handling, e.g. the generation of memory barriers. This synchronization is performed by default, but can be turned off using pragma Disable_Atomic_Synchronization. The Enable_Atomic_Synchronization pragma can be used to turn it back on.

The placement and scope rules for this pragma are the same as those for pragma Unsuppress. In particular it can be used as a configuration pragma, or in a declaration sequence where it applies till the end of the scope. If an Entity argument is present, the action applies only to that entity.


2.57 Pragma Export_Function

Syntax:

pragma Export_Function (
     [Internal         =>] LOCAL_NAME
  [, [External         =>] EXTERNAL_SYMBOL]
  [, [Parameter_Types  =>] PARAMETER_TYPES]
  [, [Result_Type      =>] result_SUBTYPE_MARK]
  [, [Mechanism        =>] MECHANISM]
  [, [Result_Mechanism =>] MECHANISM_NAME]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION
| ""

PARAMETER_TYPES ::=
  null
| TYPE_DESIGNATOR {, TYPE_DESIGNATOR}

TYPE_DESIGNATOR ::=
  subtype_NAME
| subtype_Name ' Access

MECHANISM ::=
  MECHANISM_NAME
| (MECHANISM_ASSOCIATION {, MECHANISM_ASSOCIATION})

MECHANISM_ASSOCIATION ::=
  [formal_parameter_NAME =>] MECHANISM_NAME

MECHANISM_NAME ::= Value | Reference

Use this pragma to make a function externally callable and optionally provide information on mechanisms to be used for passing parameter and result values. We recommend, for the purposes of improving portability, this pragma always be used in conjunction with a separate pragma Export, which must precede the pragma Export_Function. GNAT does not require a separate pragma Export, but if none is present, Convention Ada is assumed, which is usually not what is wanted, so it is usually appropriate to use this pragma in conjunction with a Export or Convention pragma that specifies the desired foreign convention. Pragma Export_Function (and Export, if present) must appear in the same declarative region as the function to which they apply.

The internal_name must uniquely designate the function to which the pragma applies. If more than one function name exists of this name in the declarative part you must use the Parameter_Types and Result_Type parameters to achieve the required unique designation. The subtype_marks in these parameters must exactly match the subtypes in the corresponding function specification, using positional notation to match parameters with subtype marks. The form with an 'Access attribute can be used to match an anonymous access parameter.

Special treatment is given if the EXTERNAL is an explicit null string or a static string expressions that evaluates to the null string. In this case, no external name is generated. This form still allows the specification of parameter mechanisms.


2.58 Pragma Export_Object

Syntax:

pragma Export_Object
      [Internal =>] LOCAL_NAME
   [, [External =>] EXTERNAL_SYMBOL]
   [, [Size     =>] EXTERNAL_SYMBOL]

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION

This pragma designates an object as exported, and apart from the extended rules for external symbols, is identical in effect to the use of the normal Export pragma applied to an object. You may use a separate Export pragma (and you probably should from the point of view of portability), but it is not required. Size is syntax checked, but otherwise ignored by GNAT.


2.59 Pragma Export_Procedure

Syntax:

pragma Export_Procedure (
     [Internal        =>] LOCAL_NAME
  [, [External        =>] EXTERNAL_SYMBOL]
  [, [Parameter_Types =>] PARAMETER_TYPES]
  [, [Mechanism       =>] MECHANISM]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION
| ""

PARAMETER_TYPES ::=
  null
| TYPE_DESIGNATOR {, TYPE_DESIGNATOR}

TYPE_DESIGNATOR ::=
  subtype_NAME
| subtype_Name ' Access

MECHANISM ::=
  MECHANISM_NAME
| (MECHANISM_ASSOCIATION {, MECHANISM_ASSOCIATION})

MECHANISM_ASSOCIATION ::=
  [formal_parameter_NAME =>] MECHANISM_NAME

MECHANISM_NAME ::= Value | Reference

This pragma is identical to Export_Function except that it applies to a procedure rather than a function and the parameters Result_Type and Result_Mechanism are not permitted. GNAT does not require a separate pragma Export, but if none is present, Convention Ada is assumed, which is usually not what is wanted, so it is usually appropriate to use this pragma in conjunction with a Export or Convention pragma that specifies the desired foreign convention.

Special treatment is given if the EXTERNAL is an explicit null string or a static string expressions that evaluates to the null string. In this case, no external name is generated. This form still allows the specification of parameter mechanisms.


2.60 Pragma Export_Value

Syntax:

pragma Export_Value (
  [Value     =>] static_integer_EXPRESSION,
  [Link_Name =>] static_string_EXPRESSION);

This pragma serves to export a static integer value for external use. The first argument specifies the value to be exported. The Link_Name argument specifies the symbolic name to be associated with the integer value. This pragma is useful for defining a named static value in Ada that can be referenced in assembly language units to be linked with the application. This pragma is currently supported only for the AAMP target and is ignored for other targets.


2.61 Pragma Export_Valued_Procedure

Syntax:

pragma Export_Valued_Procedure (
     [Internal        =>] LOCAL_NAME
  [, [External        =>] EXTERNAL_SYMBOL]
  [, [Parameter_Types =>] PARAMETER_TYPES]
  [, [Mechanism       =>] MECHANISM]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION
| ""

PARAMETER_TYPES ::=
  null
| TYPE_DESIGNATOR {, TYPE_DESIGNATOR}

TYPE_DESIGNATOR ::=
  subtype_NAME
| subtype_Name ' Access

MECHANISM ::=
  MECHANISM_NAME
| (MECHANISM_ASSOCIATION {, MECHANISM_ASSOCIATION})

MECHANISM_ASSOCIATION ::=
  [formal_parameter_NAME =>] MECHANISM_NAME

MECHANISM_NAME ::= Value | Reference

This pragma is identical to Export_Procedure except that the first parameter of LOCAL_NAME, which must be present, must be of mode out, and externally the subprogram is treated as a function with this parameter as the result of the function. GNAT provides for this capability to allow the use of out and in out parameters in interfacing to external functions (which are not permitted in Ada functions). GNAT does not require a separate pragma Export, but if none is present, Convention Ada is assumed, which is almost certainly not what is wanted since the whole point of this pragma is to interface with foreign language functions, so it is usually appropriate to use this pragma in conjunction with a Export or Convention pragma that specifies the desired foreign convention.

Special treatment is given if the EXTERNAL is an explicit null string or a static string expressions that evaluates to the null string. In this case, no external name is generated. This form still allows the specification of parameter mechanisms.


2.62 Pragma Extend_System

Syntax:

pragma Extend_System ([Name =>] IDENTIFIER);

This pragma is used to provide backwards compatibility with other implementations that extend the facilities of package System. In GNAT, System contains only the definitions that are present in the Ada RM. However, other implementations, notably the DEC Ada 83 implementation, provide many extensions to package System.

For each such implementation accommodated by this pragma, GNAT provides a package Aux_`xxx', e.g., Aux_DEC for the DEC Ada 83 implementation, which provides the required additional definitions. You can use this package in two ways. You can with it in the normal way and access entities either by selection or using a use clause. In this case no special processing is required.

However, if existing code contains references such as System.`xxx' where `xxx' is an entity in the extended definitions provided in package System, you may use this pragma to extend visibility in System in a non-standard way that provides greater compatibility with the existing code. Pragma Extend_System is a configuration pragma whose single argument is the name of the package containing the extended definition (e.g., Aux_DEC for the DEC Ada case). A unit compiled under control of this pragma will be processed using special visibility processing that looks in package System.Aux_`xxx' where Aux_`xxx' is the pragma argument for any entity referenced in package System, but not found in package System.

You can use this pragma either to access a predefined System extension supplied with the compiler, for example Aux_DEC or you can construct your own extension unit following the above definition. Note that such a package is a child of System and thus is considered part of the implementation. To compile it you will have to use the `-gnatg' switch for compiling System units, as explained in the GNAT User’s Guide.


2.63 Pragma Extensions_Allowed

Syntax:

pragma Extensions_Allowed (On | Off);

This configuration pragma enables or disables the implementation extension mode (the use of Off as a parameter cancels the effect of the `-gnatX' command switch).

In extension mode, the latest version of the Ada language is implemented (currently Ada 202x), and in addition a small number of GNAT specific extensions are recognized as follows:

  • * Constrained attribute for generic objects

    The Constrained attribute is permitted for objects of generic types. The result indicates if the corresponding actual is constrained.

  • * Static aspect on intrinsic functions

    The Ada 202x Static aspect can be specified on Intrinsic imported functions and the compiler will evaluate some of these intrinsic statically, in particular the Shift_Left and Shift_Right intrinsics.

  • * 'Reduce attribute

    This attribute part of the Ada 202x language definition is provided for now under -gnatX to confirm and potentially refine its usage and syntax.

  • * [] aggregates

    This new aggregate syntax for arrays and containers is provided under -gnatX to experiment and confirm this new language syntax.


2.64 Pragma Extensions_Visible

Syntax:

pragma Extensions_Visible [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Extensions_Visible in the SPARK 2014 Reference Manual, section 6.1.7.


2.65 Pragma External

Syntax:

pragma External (
  [   Convention    =>] convention_IDENTIFIER,
  [   Entity        =>] LOCAL_NAME
  [, [External_Name =>] static_string_EXPRESSION ]
  [, [Link_Name     =>] static_string_EXPRESSION ]);

This pragma is identical in syntax and semantics to pragma Export as defined in the Ada Reference Manual. It is provided for compatibility with some Ada 83 compilers that used this pragma for exactly the same purposes as pragma Export before the latter was standardized.


2.66 Pragma External_Name_Casing

Syntax:

pragma External_Name_Casing (
  Uppercase | Lowercase
  [, Uppercase | Lowercase | As_Is]);

This pragma provides control over the casing of external names associated with Import and Export pragmas. There are two cases to consider:

  • * Implicit external names

    Implicit external names are derived from identifiers. The most common case arises when a standard Ada Import or Export pragma is used with only two arguments, as in:

    pragma Import (C, C_Routine);
    

    Since Ada is a case-insensitive language, the spelling of the identifier in the Ada source program does not provide any information on the desired casing of the external name, and so a convention is needed. In GNAT the default treatment is that such names are converted to all lower case letters. This corresponds to the normal C style in many environments. The first argument of pragma External_Name_Casing can be used to control this treatment. If Uppercase is specified, then the name will be forced to all uppercase letters. If Lowercase is specified, then the normal default of all lower case letters will be used.

    This same implicit treatment is also used in the case of extended DEC Ada 83 compatible Import and Export pragmas where an external name is explicitly specified using an identifier rather than a string.

  • * Explicit external names

    Explicit external names are given as string literals. The most common case arises when a standard Ada Import or Export pragma is used with three arguments, as in:

    pragma Import (C, C_Routine, "C_routine");
    

    In this case, the string literal normally provides the exact casing required for the external name. The second argument of pragma External_Name_Casing may be used to modify this behavior. If Uppercase is specified, then the name will be forced to all uppercase letters. If Lowercase is specified, then the name will be forced to all lowercase letters. A specification of As_Is provides the normal default behavior in which the casing is taken from the string provided.

This pragma may appear anywhere that a pragma is valid. In particular, it can be used as a configuration pragma in the gnat.adc file, in which case it applies to all subsequent compilations, or it can be used as a program unit pragma, in which case it only applies to the current unit, or it can be used more locally to control individual Import/Export pragmas.

It was primarily intended for use with OpenVMS systems, where many compilers convert all symbols to upper case by default. For interfacing to such compilers (e.g., the DEC C compiler), it may be convenient to use the pragma:

pragma External_Name_Casing (Uppercase, Uppercase);

to enforce the upper casing of all external symbols.


2.67 Pragma Fast_Math

Syntax:

pragma Fast_Math;

This is a configuration pragma which activates a mode in which speed is considered more important for floating-point operations than absolutely accurate adherence to the requirements of the standard. Currently the following operations are affected:

`Complex Multiplication'

The normal simple formula for complex multiplication can result in intermediate overflows for numbers near the end of the range. The Ada standard requires that this situation be detected and corrected by scaling, but in Fast_Math mode such cases will simply result in overflow. Note that to take advantage of this you must instantiate your own version of Ada.Numerics.Generic_Complex_Types under control of the pragma, rather than use the preinstantiated versions.


2.68 Pragma Favor_Top_Level

Syntax:

pragma Favor_Top_Level (type_NAME);

The argument of pragma Favor_Top_Level must be a named access-to-subprogram type. This pragma is an efficiency hint to the compiler, regarding the use of 'Access or 'Unrestricted_Access on nested (non-library-level) subprograms. The pragma means that nested subprograms are not used with this type, or are rare, so that the generated code should be efficient in the top-level case. When this pragma is used, dynamically generated trampolines may be used on some targets for nested subprograms. See restriction No_Implicit_Dynamic_Code.


2.69 Pragma Finalize_Storage_Only

Syntax:

pragma Finalize_Storage_Only (first_subtype_LOCAL_NAME);

The argument of pragma Finalize_Storage_Only must denote a local type which is derived from Ada.Finalization.Controlled or Limited_Controlled. The pragma suppresses the call to Finalize for declared library-level objects of the argument type. This is mostly useful for types where finalization is only used to deal with storage reclamation since in most environments it is not necessary to reclaim memory just before terminating execution, hence the name. Note that this pragma does not suppress Finalize calls for library-level heap-allocated objects (see pragma No_Heap_Finalization).


2.70 Pragma Float_Representation

Syntax:

pragma Float_Representation (FLOAT_REP[, float_type_LOCAL_NAME]);

FLOAT_REP ::= VAX_Float | IEEE_Float

In the one argument form, this pragma is a configuration pragma which allows control over the internal representation chosen for the predefined floating point types declared in the packages Standard and System. This pragma is only provided for compatibility and has no effect.

The two argument form specifies the representation to be used for the specified floating-point type. The argument must be IEEE_Float to specify the use of IEEE format, as follows:

  • * For a digits value of 6, 32-bit IEEE short format will be used.
  • * For a digits value of 15, 64-bit IEEE long format will be used.
  • * No other value of digits is permitted.

2.71 Pragma Ghost

Syntax:

pragma Ghost [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Ghost in the SPARK 2014 Reference Manual, section 6.9.


2.72 Pragma Global

Syntax:

pragma Global (GLOBAL_SPECIFICATION);

GLOBAL_SPECIFICATION ::=
     null
  | (GLOBAL_LIST)
  | (MODED_GLOBAL_LIST {, MODED_GLOBAL_LIST})

MODED_GLOBAL_LIST ::= MODE_SELECTOR => GLOBAL_LIST

MODE_SELECTOR ::= In_Out | Input | Output | Proof_In
GLOBAL_LIST   ::= GLOBAL_ITEM | (GLOBAL_ITEM {, GLOBAL_ITEM})
GLOBAL_ITEM   ::= NAME

For the semantics of this pragma, see the entry for aspect Global in the SPARK 2014 Reference Manual, section 6.1.4.


2.73 Pragma Ident

Syntax:

pragma Ident (static_string_EXPRESSION);

This pragma is identical in effect to pragma Comment. It is provided for compatibility with other Ada compilers providing this pragma.


2.74 Pragma Ignore_Pragma

Syntax:

pragma Ignore_Pragma (pragma_IDENTIFIER);

This is a configuration pragma that takes a single argument that is a simple identifier. Any subsequent use of a pragma whose pragma identifier matches this argument will be silently ignored. This may be useful when legacy code or code intended for compilation with some other compiler contains pragmas that match the name, but not the exact implementation, of a GNAT pragma. The use of this pragma allows such pragmas to be ignored, which may be useful in CodePeer mode, or during porting of legacy code.


2.75 Pragma Implementation_Defined

Syntax:

pragma Implementation_Defined (local_NAME);

This pragma marks a previously declared entity as implementation-defined. For an overloaded entity, applies to the most recent homonym.

pragma Implementation_Defined;

The form with no arguments appears anywhere within a scope, most typically a package spec, and indicates that all entities that are defined within the package spec are Implementation_Defined.

This pragma is used within the GNAT runtime library to identify implementation-defined entities introduced in language-defined units, for the purpose of implementing the No_Implementation_Identifiers restriction.


2.76 Pragma Implemented

Syntax:

pragma Implemented (procedure_LOCAL_NAME, implementation_kind);

implementation_kind ::= By_Entry | By_Protected_Procedure | By_Any

This is an Ada 2012 representation pragma which applies to protected, task and synchronized interface primitives. The use of pragma Implemented provides a way to impose a static requirement on the overriding operation by adhering to one of the three implementation kinds: entry, protected procedure or any of the above. This pragma is available in all earlier versions of Ada as an implementation-defined pragma.

type Synch_Iface is synchronized interface;
procedure Prim_Op (Obj : in out Iface) is abstract;
pragma Implemented (Prim_Op, By_Protected_Procedure);

protected type Prot_1 is new Synch_Iface with
   procedure Prim_Op;  --  Legal
end Prot_1;

protected type Prot_2 is new Synch_Iface with
   entry Prim_Op;      --  Illegal
end Prot_2;

task type Task_Typ is new Synch_Iface with
   entry Prim_Op;      --  Illegal
end Task_Typ;

When applied to the procedure_or_entry_NAME of a requeue statement, pragma Implemented determines the runtime behavior of the requeue. Implementation kind By_Entry guarantees that the action of requeueing will proceed from an entry to another entry. Implementation kind By_Protected_Procedure transforms the requeue into a dispatching call, thus eliminating the chance of blocking. Kind By_Any shares the behavior of By_Entry and By_Protected_Procedure depending on the target’s overriding subprogram kind.


2.77 Pragma Implicit_Packing

Syntax:

pragma Implicit_Packing;

This is a configuration pragma that requests implicit packing for packed arrays for which a size clause is given but no explicit pragma Pack or specification of Component_Size is present. It also applies to records where no record representation clause is present. Consider this example:

type R is array (0 .. 7) of Boolean;
for R'Size use 8;

In accordance with the recommendation in the RM (RM 13.3(53)), a Size clause does not change the layout of a composite object. So the Size clause in the above example is normally rejected, since the default layout of the array uses 8-bit components, and thus the array requires a minimum of 64 bits.

If this declaration is compiled in a region of code covered by an occurrence of the configuration pragma Implicit_Packing, then the Size clause in this and similar examples will cause implicit packing and thus be accepted. For this implicit packing to occur, the type in question must be an array of small components whose size is known at compile time, and the Size clause must specify the exact size that corresponds to the number of elements in the array multiplied by the size in bits of the component type (both single and multi-dimensioned arrays can be controlled with this pragma).

Similarly, the following example shows the use in the record case

type r is record
   a, b, c, d, e, f, g, h : boolean;
   chr                    : character;
end record;
for r'size use 16;

Without a pragma Pack, each Boolean field requires 8 bits, so the minimum size is 72 bits, but with a pragma Pack, 16 bits would be sufficient. The use of pragma Implicit_Packing allows this record declaration to compile without an explicit pragma Pack.


2.78 Pragma Import_Function

Syntax:

pragma Import_Function (
     [Internal                 =>] LOCAL_NAME,
  [, [External                 =>] EXTERNAL_SYMBOL]
  [, [Parameter_Types          =>] PARAMETER_TYPES]
  [, [Result_Type              =>] SUBTYPE_MARK]
  [, [Mechanism                =>] MECHANISM]
  [, [Result_Mechanism         =>] MECHANISM_NAME]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION

PARAMETER_TYPES ::=
  null
| TYPE_DESIGNATOR {, TYPE_DESIGNATOR}

TYPE_DESIGNATOR ::=
  subtype_NAME
| subtype_Name ' Access

MECHANISM ::=
  MECHANISM_NAME
| (MECHANISM_ASSOCIATION {, MECHANISM_ASSOCIATION})

MECHANISM_ASSOCIATION ::=
  [formal_parameter_NAME =>] MECHANISM_NAME

MECHANISM_NAME ::=
  Value
| Reference

This pragma is used in conjunction with a pragma Import to specify additional information for an imported function. The pragma Import (or equivalent pragma Interface) must precede the Import_Function pragma and both must appear in the same declarative part as the function specification.

The Internal argument must uniquely designate the function to which the pragma applies. If more than one function name exists of this name in the declarative part you must use the Parameter_Types and Result_Type parameters to achieve the required unique designation. Subtype marks in these parameters must exactly match the subtypes in the corresponding function specification, using positional notation to match parameters with subtype marks. The form with an 'Access attribute can be used to match an anonymous access parameter.

You may optionally use the Mechanism and Result_Mechanism parameters to specify passing mechanisms for the parameters and result. If you specify a single mechanism name, it applies to all parameters. Otherwise you may specify a mechanism on a parameter by parameter basis using either positional or named notation. If the mechanism is not specified, the default mechanism is used.


2.79 Pragma Import_Object

Syntax:

pragma Import_Object
     [Internal =>] LOCAL_NAME
  [, [External =>] EXTERNAL_SYMBOL]
  [, [Size     =>] EXTERNAL_SYMBOL]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION

This pragma designates an object as imported, and apart from the extended rules for external symbols, is identical in effect to the use of the normal Import pragma applied to an object. Unlike the subprogram case, you need not use a separate Import pragma, although you may do so (and probably should do so from a portability point of view). size is syntax checked, but otherwise ignored by GNAT.


2.80 Pragma Import_Procedure

Syntax:

pragma Import_Procedure (
     [Internal                 =>] LOCAL_NAME
  [, [External                 =>] EXTERNAL_SYMBOL]
  [, [Parameter_Types          =>] PARAMETER_TYPES]
  [, [Mechanism                =>] MECHANISM]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION

PARAMETER_TYPES ::=
  null
| TYPE_DESIGNATOR {, TYPE_DESIGNATOR}

TYPE_DESIGNATOR ::=
  subtype_NAME
| subtype_Name ' Access

MECHANISM ::=
  MECHANISM_NAME
| (MECHANISM_ASSOCIATION {, MECHANISM_ASSOCIATION})

MECHANISM_ASSOCIATION ::=
  [formal_parameter_NAME =>] MECHANISM_NAME

MECHANISM_NAME ::= Value | Reference

This pragma is identical to Import_Function except that it applies to a procedure rather than a function and the parameters Result_Type and Result_Mechanism are not permitted.


2.81 Pragma Import_Valued_Procedure

Syntax:

pragma Import_Valued_Procedure (
     [Internal                 =>] LOCAL_NAME
  [, [External                 =>] EXTERNAL_SYMBOL]
  [, [Parameter_Types          =>] PARAMETER_TYPES]
  [, [Mechanism                =>] MECHANISM]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION

PARAMETER_TYPES ::=
  null
| TYPE_DESIGNATOR {, TYPE_DESIGNATOR}

TYPE_DESIGNATOR ::=
  subtype_NAME
| subtype_Name ' Access

MECHANISM ::=
  MECHANISM_NAME
| (MECHANISM_ASSOCIATION {, MECHANISM_ASSOCIATION})

MECHANISM_ASSOCIATION ::=
  [formal_parameter_NAME =>] MECHANISM_NAME

MECHANISM_NAME ::= Value | Reference

This pragma is identical to Import_Procedure except that the first parameter of LOCAL_NAME, which must be present, must be of mode out, and externally the subprogram is treated as a function with this parameter as the result of the function. The purpose of this capability is to allow the use of out and in out parameters in interfacing to external functions (which are not permitted in Ada functions). You may optionally use the Mechanism parameters to specify passing mechanisms for the parameters. If you specify a single mechanism name, it applies to all parameters. Otherwise you may specify a mechanism on a parameter by parameter basis using either positional or named notation. If the mechanism is not specified, the default mechanism is used.

Note that it is important to use this pragma in conjunction with a separate pragma Import that specifies the desired convention, since otherwise the default convention is Ada, which is almost certainly not what is required.


2.82 Pragma Independent

Syntax:

pragma Independent (Local_NAME);

This pragma is standard in Ada 2012 mode (which also provides an aspect of the same name). It is also available as an implementation-defined pragma in all earlier versions. It specifies that the designated object or all objects of the designated type must be independently addressable. This means that separate tasks can safely manipulate such objects. For example, if two components of a record are independent, then two separate tasks may access these two components. This may place constraints on the representation of the object (for instance prohibiting tight packing).


2.83 Pragma Independent_Components

Syntax:

pragma Independent_Components (Local_NAME);

This pragma is standard in Ada 2012 mode (which also provides an aspect of the same name). It is also available as an implementation-defined pragma in all earlier versions. It specifies that the components of the designated object, or the components of each object of the designated type, must be independently addressable. This means that separate tasks can safely manipulate separate components in the composite object. This may place constraints on the representation of the object (for instance prohibiting tight packing).


2.84 Pragma Initial_Condition

Syntax:

pragma Initial_Condition (boolean_EXPRESSION);

For the semantics of this pragma, see the entry for aspect Initial_Condition in the SPARK 2014 Reference Manual, section 7.1.6.


2.85 Pragma Initialize_Scalars

Syntax:

pragma Initialize_Scalars
  [ ( TYPE_VALUE_PAIR {, TYPE_VALUE_PAIR} ) ];

TYPE_VALUE_PAIR ::=
  SCALAR_TYPE => static_EXPRESSION

SCALAR_TYPE :=
  Short_Float
| Float
| Long_Float
| Long_Long_Flat
| Signed_8
| Signed_16
| Signed_32
| Signed_64
| Unsigned_8
| Unsigned_16
| Unsigned_32
| Unsigned_64

This pragma is similar to Normalize_Scalars conceptually but has two important differences.

First, there is no requirement for the pragma to be used uniformly in all units of a partition. In particular, it is fine to use this just for some or all of the application units of a partition, without needing to recompile the run-time library. In the case where some units are compiled with the pragma, and some without, then a declaration of a variable where the type is defined in package Standard or is locally declared will always be subject to initialization, as will any declaration of a scalar variable. For composite variables, whether the variable is initialized may also depend on whether the package in which the type of the variable is declared is compiled with the pragma.

The other important difference is that the programmer can control the value used for initializing scalar objects. This effect can be achieved in several different ways:

  • * At compile time, the programmer can specify the invalid value for a particular family of scalar types using the optional arguments of the pragma.

    The compile-time approach is intended to optimize the generated code for the pragma, by possibly using fast operations such as memset. Note that such optimizations require using values where the bytes all have the same binary representation.

  • * At bind time, the programmer has several options:
    • * Initialization with invalid values (similar to Normalize_Scalars, though for Initialize_Scalars it is not always possible to determine the invalid values in complex cases like signed component fields with nonstandard sizes).
    • * Initialization with high values.
    • * Initialization with low values.
    • * Initialization with a specific bit pattern.

    See the GNAT User’s Guide for binder options for specifying these cases.

    The bind-time approach is intended to provide fast turnaround for testing with different values, without having to recompile the program.

  • * At execution time, the programmer can specify the invalid values using an environment variable. See the GNAT User’s Guide for details.

    The execution-time approach is intended to provide fast turnaround for testing with different values, without having to recompile and rebind the program.

Note that pragma Initialize_Scalars is particularly useful in conjunction with the enhanced validity checking that is now provided in GNAT, which checks for invalid values under more conditions. Using this feature (see description of the `-gnatV' flag in the GNAT User’s Guide) in conjunction with pragma Initialize_Scalars provides a powerful new tool to assist in the detection of problems caused by uninitialized variables.

Note: the use of Initialize_Scalars has a fairly extensive effect on the generated code. This may cause your code to be substantially larger. It may also cause an increase in the amount of stack required, so it is probably a good idea to turn on stack checking (see description of stack checking in the GNAT User’s Guide) when using this pragma.


2.86 Pragma Initializes

Syntax:

pragma Initializes (INITIALIZATION_LIST);

INITIALIZATION_LIST ::=
     null
  | (INITIALIZATION_ITEM {, INITIALIZATION_ITEM})

INITIALIZATION_ITEM ::= name [=> INPUT_LIST]

INPUT_LIST ::=
     null
  |  INPUT
  | (INPUT {, INPUT})

INPUT ::= name

For the semantics of this pragma, see the entry for aspect Initializes in the SPARK 2014 Reference Manual, section 7.1.5.


2.87 Pragma Inline_Always

Syntax:

pragma Inline_Always (NAME [, NAME]);

Similar to pragma Inline except that inlining is unconditional. Inline_Always instructs the compiler to inline every direct call to the subprogram or else to emit a compilation error, independently of any option, in particular `-gnatn' or `-gnatN' or the optimization level. It is an error to take the address or access of NAME. It is also an error to apply this pragma to a primitive operation of a tagged type. Thanks to such restrictions, the compiler is allowed to remove the out-of-line body of NAME.


2.88 Pragma Inline_Generic

Syntax:

pragma Inline_Generic (GNAME {, GNAME});

GNAME ::= generic_unit_NAME | generic_instance_NAME

This pragma is provided for compatibility with Dec Ada 83. It has no effect in GNAT (which always inlines generics), other than to check that the given names are all names of generic units or generic instances.


2.89 Pragma Interface

Syntax:

pragma Interface (
     [Convention    =>] convention_identifier,
     [Entity        =>] local_NAME
  [, [External_Name =>] static_string_expression]
  [, [Link_Name     =>] static_string_expression]);

This pragma is identical in syntax and semantics to the standard Ada pragma Import. It is provided for compatibility with Ada 83. The definition is upwards compatible both with pragma Interface as defined in the Ada 83 Reference Manual, and also with some extended implementations of this pragma in certain Ada 83 implementations. The only difference between pragma Interface and pragma Import is that there is special circuitry to allow both pragmas to appear for the same subprogram entity (normally it is illegal to have multiple Import pragmas. This is useful in maintaining Ada 83/Ada 95 compatibility and is compatible with other Ada 83 compilers.


2.90 Pragma Interface_Name

Syntax:

pragma Interface_Name (
     [Entity        =>] LOCAL_NAME
  [, [External_Name =>] static_string_EXPRESSION]
  [, [Link_Name     =>] static_string_EXPRESSION]);

This pragma provides an alternative way of specifying the interface name for an interfaced subprogram, and is provided for compatibility with Ada 83 compilers that use the pragma for this purpose. You must provide at least one of External_Name or Link_Name.


2.91 Pragma Interrupt_Handler

Syntax:

pragma Interrupt_Handler (procedure_LOCAL_NAME);

This program unit pragma is supported for parameterless protected procedures as described in Annex C of the Ada Reference Manual. On the AAMP target the pragma can also be specified for nonprotected parameterless procedures that are declared at the library level (which includes procedures declared at the top level of a library package). In the case of AAMP, when this pragma is applied to a nonprotected procedure, the instruction IERET is generated for returns from the procedure, enabling maskable interrupts, in place of the normal return instruction.


2.92 Pragma Interrupt_State

Syntax:

pragma Interrupt_State
 ([Name  =>] value,
  [State =>] SYSTEM | RUNTIME | USER);

Normally certain interrupts are reserved to the implementation. Any attempt to attach an interrupt causes Program_Error to be raised, as described in RM C.3.2(22). A typical example is the SIGINT interrupt used in many systems for an Ctrl-C interrupt. Normally this interrupt is reserved to the implementation, so that Ctrl-C can be used to interrupt execution. Additionally, signals such as SIGSEGV, SIGABRT, SIGFPE and SIGILL are often mapped to specific Ada exceptions, or used to implement run-time functions such as the abort statement and stack overflow checking.

Pragma Interrupt_State provides a general mechanism for overriding such uses of interrupts. It subsumes the functionality of pragma Unreserve_All_Interrupts. Pragma Interrupt_State is not available on Windows. On all other platforms than VxWorks, it applies to signals; on VxWorks, it applies to vectored hardware interrupts and may be used to mark interrupts required by the board support package as reserved.

Interrupts can be in one of three states:

  • * System

    The interrupt is reserved (no Ada handler can be installed), and the Ada run-time may not install a handler. As a result you are guaranteed standard system default action if this interrupt is raised. This also allows installing a low level handler via C APIs such as sigaction(), outside of Ada control.

  • * Runtime

    The interrupt is reserved (no Ada handler can be installed). The run time is allowed to install a handler for internal control purposes, but is not required to do so.

  • * User

    The interrupt is unreserved. The user may install an Ada handler via Ada.Interrupts and pragma Interrupt_Handler or Attach_Handler to provide some other action.

These states are the allowed values of the State parameter of the pragma. The Name parameter is a value of the type Ada.Interrupts.Interrupt_ID. Typically, it is a name declared in Ada.Interrupts.Names.

This is a configuration pragma, and the binder will check that there are no inconsistencies between different units in a partition in how a given interrupt is specified. It may appear anywhere a pragma is legal.

The effect is to move the interrupt to the specified state.

By declaring interrupts to be SYSTEM, you guarantee the standard system action, such as a core dump.

By declaring interrupts to be USER, you guarantee that you can install a handler.

Note that certain signals on many operating systems cannot be caught and handled by applications. In such cases, the pragma is ignored. See the operating system documentation, or the value of the array Reserved declared in the spec of package System.OS_Interface.

Overriding the default state of signals used by the Ada runtime may interfere with an application’s runtime behavior in the cases of the synchronous signals, and in the case of the signal used to implement the abort statement.


2.93 Pragma Invariant

Syntax:

pragma Invariant
  ([Entity =>]    private_type_LOCAL_NAME,
   [Check  =>]    EXPRESSION
   [,[Message =>] String_Expression]);

This pragma provides exactly the same capabilities as the Type_Invariant aspect defined in AI05-0146-1, and in the Ada 2012 Reference Manual. The Type_Invariant aspect is fully implemented in Ada 2012 mode, but since it requires the use of the aspect syntax, which is not available except in 2012 mode, it is not possible to use the Type_Invariant aspect in earlier versions of Ada. However the Invariant pragma may be used in any version of Ada. Also note that the aspect Invariant is a synonym in GNAT for the aspect Type_Invariant, but there is no pragma Type_Invariant.

The pragma must appear within the visible part of the package specification, after the type to which its Entity argument appears. As with the Invariant aspect, the Check expression is not analyzed until the end of the visible part of the package, so it may contain forward references. The Message argument, if present, provides the exception message used if the invariant is violated. If no Message parameter is provided, a default message that identifies the line on which the pragma appears is used.

It is permissible to have multiple Invariants for the same type entity, in which case they are and’ed together. It is permissible to use this pragma in Ada 2012 mode, but you cannot have both an invariant aspect and an invariant pragma for the same entity.

For further details on the use of this pragma, see the Ada 2012 documentation of the Type_Invariant aspect.


2.94 Pragma Keep_Names

Syntax:

pragma Keep_Names ([On =>] enumeration_first_subtype_LOCAL_NAME);

The LOCAL_NAME argument must refer to an enumeration first subtype in the current declarative part. The effect is to retain the enumeration literal names for use by Image and Value even if a global Discard_Names pragma applies. This is useful when you want to generally suppress enumeration literal names and for example you therefore use a Discard_Names pragma in the gnat.adc file, but you want to retain the names for specific enumeration types.


2.95 Pragma License

Syntax:

pragma License (Unrestricted | GPL | Modified_GPL | Restricted);

This pragma is provided to allow automated checking for appropriate license conditions with respect to the standard and modified GPL. A pragma License, which is a configuration pragma that typically appears at the start of a source file or in a separate gnat.adc file, specifies the licensing conditions of a unit as follows:

  • * Unrestricted This is used for a unit that can be freely used with no license restrictions. Examples of such units are public domain units, and units from the Ada Reference Manual.
  • * GPL This is used for a unit that is licensed under the unmodified GPL, and which therefore cannot be withed by a restricted unit.
  • * Modified_GPL This is used for a unit licensed under the GNAT modified GPL that includes a special exception paragraph that specifically permits the inclusion of the unit in programs without requiring the entire program to be released under the GPL.
  • * Restricted This is used for a unit that is restricted in that it is not permitted to depend on units that are licensed under the GPL. Typical examples are proprietary code that is to be released under more restrictive license conditions. Note that restricted units are permitted to with units which are licensed under the modified GPL (this is the whole point of the modified GPL).

Normally a unit with no License pragma is considered to have an unknown license, and no checking is done. However, standard GNAT headers are recognized, and license information is derived from them as follows.

A GNAT license header starts with a line containing 78 hyphens. The following comment text is searched for the appearance of any of the following strings.

If the string ’GNU General Public License’ is found, then the unit is assumed to have GPL license, unless the string ’As a special exception’ follows, in which case the license is assumed to be modified GPL.

If one of the strings ’This specification is adapted from the Ada Semantic Interface’ or ’This specification is derived from the Ada Reference Manual’ is found then the unit is assumed to be unrestricted.

These default actions means that a program with a restricted license pragma will automatically get warnings if a GPL unit is inappropriately withed. For example, the program:

with Sem_Ch3;
with GNAT.Sockets;
procedure Secret_Stuff is
  ...
end Secret_Stuff

if compiled with pragma License (Restricted) in a gnat.adc file will generate the warning:

1.  with Sem_Ch3;
        |
   >>> license of withed unit "Sem_Ch3" is incompatible

2.  with GNAT.Sockets;
3.  procedure Secret_Stuff is

Here we get a warning on Sem_Ch3 since it is part of the GNAT compiler and is licensed under the GPL, but no warning for GNAT.Sockets which is part of the GNAT run time, and is therefore licensed under the modified GPL.


2.97 Pragma Linker_Alias

Syntax:

pragma Linker_Alias (
  [Entity =>] LOCAL_NAME,
  [Target =>] static_string_EXPRESSION);

LOCAL_NAME must refer to an object that is declared at the library level. This pragma establishes the given entity as a linker alias for the given target. It is equivalent to __attribute__((alias)) in GNU C and causes LOCAL_NAME to be emitted as an alias for the symbol static_string_EXPRESSION in the object file, that is to say no space is reserved for LOCAL_NAME by the assembler and it will be resolved to the same address as static_string_EXPRESSION by the linker.

The actual linker name for the target must be used (e.g., the fully encoded name with qualification in Ada, or the mangled name in C++), or it must be declared using the C convention with pragma Import or pragma Export.

Not all target machines support this pragma. On some of them it is accepted only if pragma Weak_External has been applied to LOCAL_NAME.

--  Example of the use of pragma Linker_Alias

package p is
  i : Integer := 1;
  pragma Export (C, i);

  new_name_for_i : Integer;
  pragma Linker_Alias (new_name_for_i, "i");
end p;

2.98 Pragma Linker_Constructor

Syntax:

pragma Linker_Constructor (procedure_LOCAL_NAME);

procedure_LOCAL_NAME must refer to a parameterless procedure that is declared at the library level. A procedure to which this pragma is applied will be treated as an initialization routine by the linker. It is equivalent to __attribute__((constructor)) in GNU C and causes procedure_LOCAL_NAME to be invoked before the entry point of the executable is called (or immediately after the shared library is loaded if the procedure is linked in a shared library), in particular before the Ada run-time environment is set up.

Because of these specific contexts, the set of operations such a procedure can perform is very limited and the type of objects it can manipulate is essentially restricted to the elementary types. In particular, it must only contain code to which pragma Restrictions (No_Elaboration_Code) applies.

This pragma is used by GNAT to implement auto-initialization of shared Stand Alone Libraries, which provides a related capability without the restrictions listed above. Where possible, the use of Stand Alone Libraries is preferable to the use of this pragma.


2.99 Pragma Linker_Destructor

Syntax:

pragma Linker_Destructor (procedure_LOCAL_NAME);

procedure_LOCAL_NAME must refer to a parameterless procedure that is declared at the library level. A procedure to which this pragma is applied will be treated as a finalization routine by the linker. It is equivalent to __attribute__((destructor)) in GNU C and causes procedure_LOCAL_NAME to be invoked after the entry point of the executable has exited (or immediately before the shared library is unloaded if the procedure is linked in a shared library), in particular after the Ada run-time environment is shut down.

See pragma Linker_Constructor for the set of restrictions that apply because of these specific contexts.


2.100 Pragma Linker_Section

Syntax:

pragma Linker_Section (
  [Entity  =>] LOCAL_NAME,
  [Section =>] static_string_EXPRESSION);

LOCAL_NAME must refer to an object, type, or subprogram that is declared at the library level. This pragma specifies the name of the linker section for the given entity. It is equivalent to __attribute__((section)) in GNU C and causes LOCAL_NAME to be placed in the static_string_EXPRESSION section of the executable (assuming the linker doesn’t rename the section). GNAT also provides an implementation defined aspect of the same name.

In the case of specifying this aspect for a type, the effect is to specify the corresponding section for all library-level objects of the type that do not have an explicit linker section set. Note that this only applies to whole objects, not to components of composite objects.

In the case of a subprogram, the linker section applies to all previously declared matching overloaded subprograms in the current declarative part which do not already have a linker section assigned. The linker section aspect is useful in this case for specifying different linker sections for different elements of such an overloaded set.

Note that an empty string specifies that no linker section is specified. This is not quite the same as omitting the pragma or aspect, since it can be used to specify that one element of an overloaded set of subprograms has the default linker section, or that one object of a type for which a linker section is specified should has the default linker section.

The compiler normally places library-level entities in standard sections depending on the class: procedures and functions generally go in the .text section, initialized variables in the .data section and uninitialized variables in the .bss section.

Other, special sections may exist on given target machines to map special hardware, for example I/O ports or flash memory. This pragma is a means to defer the final layout of the executable to the linker, thus fully working at the symbolic level with the compiler.

Some file formats do not support arbitrary sections so not all target machines support this pragma. The use of this pragma may cause a program execution to be erroneous if it is used to place an entity into an inappropriate section (e.g., a modified variable into the .text section). See also pragma Persistent_BSS.

--  Example of the use of pragma Linker_Section

package IO_Card is
  Port_A : Integer;
  pragma Volatile (Port_A);
  pragma Linker_Section (Port_A, ".bss.port_a");

  Port_B : Integer;
  pragma Volatile (Port_B);
  pragma Linker_Section (Port_B, ".bss.port_b");

  type Port_Type is new Integer with Linker_Section => ".bss";
  PA : Port_Type with Linker_Section => ".bss.PA";
  PB : Port_Type; --  ends up in linker section ".bss"

  procedure Q with Linker_Section => "Qsection";
end IO_Card;

2.101 Pragma Lock_Free

Syntax: This pragma may be specified for protected types or objects. It specifies that the implementation of protected operations must be implemented without locks. Compilation fails if the compiler cannot generate lock-free code for the operations.

The current conditions required to support this pragma are:

  • * Protected type declarations may not contain entries
  • * Protected subprogram declarations may not have nonelementary parameters

In addition, each protected subprogram body must satisfy:

  • * May reference only one protected component
  • * May not reference nonconstant entities outside the protected subprogram scope.
  • * May not contain address representation items, allocators, or quantified expressions.
  • * May not contain delay, goto, loop, or procedure-call statements.
  • * May not contain exported and imported entities
  • * May not dereferenced access values
  • * Function calls and attribute references must be static

2.102 Pragma Loop_Invariant

Syntax:

pragma Loop_Invariant ( boolean_EXPRESSION );

The effect of this pragma is similar to that of pragma Assert, except that in an Assertion_Policy pragma, the identifier Loop_Invariant is used to control whether it is ignored or checked (or disabled).

Loop_Invariant can only appear as one of the items in the sequence of statements of a loop body, or nested inside block statements that appear in the sequence of statements of a loop body. The intention is that it be used to represent a "loop invariant" assertion, i.e. something that is true each time through the loop, and which can be used to show that the loop is achieving its purpose.

Multiple Loop_Invariant and Loop_Variant pragmas that apply to the same loop should be grouped in the same sequence of statements.

To aid in writing such invariants, the special attribute Loop_Entry may be used to refer to the value of an expression on entry to the loop. This attribute can only be used within the expression of a Loop_Invariant pragma. For full details, see documentation of attribute Loop_Entry.


2.103 Pragma Loop_Optimize

Syntax:

pragma Loop_Optimize (OPTIMIZATION_HINT {, OPTIMIZATION_HINT});

OPTIMIZATION_HINT ::= Ivdep | No_Unroll | Unroll | No_Vector | Vector

This pragma must appear immediately within a loop statement. It allows the programmer to specify optimization hints for the enclosing loop. The hints are not mutually exclusive and can be freely mixed, but not all combinations will yield a sensible outcome.

There are five supported optimization hints for a loop:

  • * Ivdep

    The programmer asserts that there are no loop-carried dependencies which would prevent consecutive iterations of the loop from being executed simultaneously.

  • * No_Unroll

    The loop must not be unrolled. This is a strong hint: the compiler will not unroll a loop marked with this hint.

  • * Unroll

    The loop should be unrolled. This is a weak hint: the compiler will try to apply unrolling to this loop preferably to other optimizations, notably vectorization, but there is no guarantee that the loop will be unrolled.

  • * No_Vector

    The loop must not be vectorized. This is a strong hint: the compiler will not vectorize a loop marked with this hint.

  • * Vector

    The loop should be vectorized. This is a weak hint: the compiler will try to apply vectorization to this loop preferably to other optimizations, notably unrolling, but there is no guarantee that the loop will be vectorized.

These hints do not remove the need to pass the appropriate switches to the compiler in order to enable the relevant optimizations, that is to say `-funroll-loops' for unrolling and `-ftree-vectorize' for vectorization.


2.104 Pragma Loop_Variant

Syntax:

pragma Loop_Variant ( LOOP_VARIANT_ITEM {, LOOP_VARIANT_ITEM } );
LOOP_VARIANT_ITEM ::= CHANGE_DIRECTION => discrete_EXPRESSION
CHANGE_DIRECTION ::= Increases | Decreases

Loop_Variant can only appear as one of the items in the sequence of statements of a loop body, or nested inside block statements that appear in the sequence of statements of a loop body. It allows the specification of quantities which must always decrease or increase in successive iterations of the loop. In its simplest form, just one expression is specified, whose value must increase or decrease on each iteration of the loop.

In a more complex form, multiple arguments can be given which are intepreted in a nesting lexicographic manner. For example:

pragma Loop_Variant (Increases => X, Decreases => Y);

specifies that each time through the loop either X increases, or X stays the same and Y decreases. A Loop_Variant pragma ensures that the loop is making progress. It can be useful in helping to show informally or prove formally that the loop always terminates.

Loop_Variant is an assertion whose effect can be controlled using an Assertion_Policy with a check name of Loop_Variant. The policy can be Check to enable the loop variant check, Ignore to ignore the check (in which case the pragma has no effect on the program), or Disable in which case the pragma is not even checked for correct syntax.

Multiple Loop_Invariant and Loop_Variant pragmas that apply to the same loop should be grouped in the same sequence of statements.

The Loop_Entry attribute may be used within the expressions of the Loop_Variant pragma to refer to values on entry to the loop.


2.105 Pragma Machine_Attribute

Syntax:

pragma Machine_Attribute (
     [Entity         =>] LOCAL_NAME,
     [Attribute_Name =>] static_string_EXPRESSION
  [, [Info           =>] static_EXPRESSION {, static_EXPRESSION}] );

Machine-dependent attributes can be specified for types and/or declarations. This pragma is semantically equivalent to __attribute__((`attribute_name')) (if info is not specified) or __attribute__((`attribute_name(info'))) or __attribute__((`attribute_name(info,...'))) in GNU C, where `attribute_name' is recognized by the compiler middle-end or the TARGET_ATTRIBUTE_TABLE machine specific macro. Note that a string literal for the optional parameter info or the following ones is transformed by default into an identifier, which may make this pragma unusable for some attributes. For further information see GNU Compiler Collection (GCC) Internals.


2.106 Pragma Main

Syntax:

pragma Main
 (MAIN_OPTION [, MAIN_OPTION]);

MAIN_OPTION ::=
  [Stack_Size              =>] static_integer_EXPRESSION
| [Task_Stack_Size_Default =>] static_integer_EXPRESSION
| [Time_Slicing_Enabled    =>] static_boolean_EXPRESSION

This pragma is provided for compatibility with OpenVMS VAX Systems. It has no effect in GNAT, other than being syntax checked.


2.107 Pragma Main_Storage

Syntax:

pragma Main_Storage
  (MAIN_STORAGE_OPTION [, MAIN_STORAGE_OPTION]);

MAIN_STORAGE_OPTION ::=
  [WORKING_STORAGE =>] static_SIMPLE_EXPRESSION
| [TOP_GUARD       =>] static_SIMPLE_EXPRESSION

This pragma is provided for compatibility with OpenVMS VAX Systems. It has no effect in GNAT, other than being syntax checked.


2.108 Pragma Max_Queue_Length

Syntax:

pragma Max_Entry_Queue (static_integer_EXPRESSION);

This pragma is used to specify the maximum callers per entry queue for individual protected entries and entry families. It accepts a single integer (-1 or more) as a parameter and must appear after the declaration of an entry.

A value of -1 represents no additional restriction on queue length.


2.109 Pragma No_Body

Syntax:

pragma No_Body;

There are a number of cases in which a package spec does not require a body, and in fact a body is not permitted. GNAT will not permit the spec to be compiled if there is a body around. The pragma No_Body allows you to provide a body file, even in a case where no body is allowed. The body file must contain only comments and a single No_Body pragma. This is recognized by the compiler as indicating that no body is logically present.

This is particularly useful during maintenance when a package is modified in such a way that a body needed before is no longer needed. The provision of a dummy body with a No_Body pragma ensures that there is no interference from earlier versions of the package body.


2.110 Pragma No_Caching

Syntax:

pragma No_Caching [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect No_Caching in the SPARK 2014 Reference Manual, section 7.1.2.


2.111 Pragma No_Component_Reordering

Syntax:

pragma No_Component_Reordering [([Entity =>] type_LOCAL_NAME)];

type_LOCAL_NAME must refer to a record type declaration in the current declarative part. The effect is to preclude any reordering of components for the layout of the record, i.e. the record is laid out by the compiler in the order in which the components are declared textually. The form with no argument is a configuration pragma which applies to all record types declared in units to which the pragma applies and there is a requirement that this pragma be used consistently within a partition.


2.112 Pragma No_Elaboration_Code_All

Syntax:

pragma No_Elaboration_Code_All [(program_unit_NAME)];

This is a program unit pragma (there is also an equivalent aspect of the same name) that establishes the restriction No_Elaboration_Code for the current unit and any extended main source units (body and subunits). It also has the effect of enforcing a transitive application of this aspect, so that if any unit is implicitly or explicitly with’ed by the current unit, it must also have the No_Elaboration_Code_All aspect set. It may be applied to package or subprogram specs or their generic versions.


2.113 Pragma No_Heap_Finalization

Syntax:

pragma No_Heap_Finalization [ (first_subtype_LOCAL_NAME) ];

Pragma No_Heap_Finalization may be used as a configuration pragma or as a type-specific pragma.

In its configuration form, the pragma must appear within a configuration file such as gnat.adc, without an argument. The pragma suppresses the call to Finalize for heap-allocated objects created through library-level named access-to-object types in cases where the designated type requires finalization actions.

In its type-specific form, the argument of the pragma must denote a library-level named access-to-object type. The pragma suppresses the call to Finalize for heap-allocated objects created through the specific access type in cases where the designated type requires finalization actions.

It is still possible to finalize such heap-allocated objects by explicitly deallocating them.

A library-level named access-to-object type declared within a generic unit will lose its No_Heap_Finalization pragma when the corresponding instance does not appear at the library level.


2.114 Pragma No_Inline

Syntax:

pragma No_Inline (NAME {, NAME});

This pragma suppresses inlining for the callable entity or the instances of the generic subprogram designated by NAME, including inlining that results from the use of pragma Inline. This pragma is always active, in particular it is not subject to the use of option `-gnatn' or `-gnatN'. It is illegal to specify both pragma No_Inline and pragma Inline_Always for the same NAME.


2.115 Pragma No_Return

Syntax:

pragma No_Return (procedure_LOCAL_NAME {, procedure_LOCAL_NAME});

Each procedure_LOCAL_NAME argument must refer to one or more procedure declarations in the current declarative part. A procedure to which this pragma is applied may not contain any explicit return statements. In addition, if the procedure contains any implicit returns from falling off the end of a statement sequence, then execution of that implicit return will cause Program_Error to be raised.

One use of this pragma is to identify procedures whose only purpose is to raise an exception. Another use of this pragma is to suppress incorrect warnings about missing returns in functions, where the last statement of a function statement sequence is a call to such a procedure.

Note that in Ada 2005 mode, this pragma is part of the language. It is available in all earlier versions of Ada as an implementation-defined pragma.


2.116 Pragma No_Strict_Aliasing

Syntax:

pragma No_Strict_Aliasing [([Entity =>] type_LOCAL_NAME)];

type_LOCAL_NAME must refer to an access type declaration in the current declarative part. The effect is to inhibit strict aliasing optimization for the given type. The form with no arguments is a configuration pragma which applies to all access types declared in units to which the pragma applies. For a detailed description of the strict aliasing optimization, and the situations in which it must be suppressed, see the section on Optimization and Strict Aliasing in the GNAT User’s Guide.

This pragma currently has no effects on access to unconstrained array types.


2.117 Pragma No_Tagged_Streams

Syntax:

pragma No_Tagged_Streams [([Entity =>] tagged_type_LOCAL_NAME)];

Normally when a tagged type is introduced using a full type declaration, part of the processing includes generating stream access routines to be used by stream attributes referencing the type (or one of its subtypes or derived types). This can involve the generation of significant amounts of code which is wasted space if stream routines are not needed for the type in question.

The No_Tagged_Streams pragma causes the generation of these stream routines to be skipped, and any attempt to use stream operations on types subject to this pragma will be statically rejected as illegal.

There are two forms of the pragma. The form with no arguments must appear in a declarative sequence or in the declarations of a package spec. This pragma affects all subsequent root tagged types declared in the declaration sequence, and specifies that no stream routines be generated. The form with an argument (for which there is also a corresponding aspect) specifies a single root tagged type for which stream routines are not to be generated.

Once the pragma has been given for a particular root tagged type, all subtypes and derived types of this type inherit the pragma automatically, so the effect applies to a complete hierarchy (this is necessary to deal with the class-wide dispatching versions of the stream routines).

When pragmas Discard_Names and No_Tagged_Streams are simultaneously applied to a tagged type its Expanded_Name and External_Tag are initialized with empty strings. This is useful to avoid exposing entity names at binary level but has a negative impact on the debuggability of tagged types.


2.118 Pragma Normalize_Scalars

Syntax:

pragma Normalize_Scalars;

This is a language defined pragma which is fully implemented in GNAT. The effect is to cause all scalar objects that are not otherwise initialized to be initialized. The initial values are implementation dependent and are as follows:

`Standard.Character'

Objects whose root type is Standard.Character are initialized to Character’Last unless the subtype range excludes NUL (in which case NUL is used). This choice will always generate an invalid value if one exists.

`Standard.Wide_Character'

Objects whose root type is Standard.Wide_Character are initialized to Wide_Character’Last unless the subtype range excludes NUL (in which case NUL is used). This choice will always generate an invalid value if one exists.

`Standard.Wide_Wide_Character'

Objects whose root type is Standard.Wide_Wide_Character are initialized to the invalid value 16#FFFF_FFFF# unless the subtype range excludes NUL (in which case NUL is used). This choice will always generate an invalid value if one exists.

`Integer types'

Objects of an integer type are treated differently depending on whether negative values are present in the subtype. If no negative values are present, then all one bits is used as the initial value except in the special case where zero is excluded from the subtype, in which case all zero bits are used. This choice will always generate an invalid value if one exists.

For subtypes with negative values present, the largest negative number is used, except in the unusual case where this largest negative number is in the subtype, and the largest positive number is not, in which case the largest positive value is used. This choice will always generate an invalid value if one exists.

`Floating-Point Types'

Objects of all floating-point types are initialized to all 1-bits. For standard IEEE format, this corresponds to a NaN (not a number) which is indeed an invalid value.

`Fixed-Point Types'

Objects of all fixed-point types are treated as described above for integers, with the rules applying to the underlying integer value used to represent the fixed-point value.

`Modular types'

Objects of a modular type are initialized to all one bits, except in the special case where zero is excluded from the subtype, in which case all zero bits are used. This choice will always generate an invalid value if one exists.

`Enumeration types'

Objects of an enumeration type are initialized to all one-bits, i.e., to the value 2 ** typ'Size - 1 unless the subtype excludes the literal whose Pos value is zero, in which case a code of zero is used. This choice will always generate an invalid value if one exists.


2.119 Pragma Obsolescent

Syntax:

pragma Obsolescent;

pragma Obsolescent (
  [Message =>] static_string_EXPRESSION
[,[Version =>] Ada_05]]);

pragma Obsolescent (
  [Entity  =>] NAME
[,[Message =>] static_string_EXPRESSION
[,[Version =>] Ada_05]] );

This pragma can occur immediately following a declaration of an entity, including the case of a record component. If no Entity argument is present, then this declaration is the one to which the pragma applies. If an Entity parameter is present, it must either match the name of the entity in this declaration, or alternatively, the pragma can immediately follow an enumeration type declaration, where the Entity argument names one of the enumeration literals.

This pragma is used to indicate that the named entity is considered obsolescent and should not be used. Typically this is used when an API must be modified by eventually removing or modifying existing subprograms or other entities. The pragma can be used at an intermediate stage when the entity is still present, but will be removed later.

The effect of this pragma is to output a warning message on a reference to an entity thus marked that the subprogram is obsolescent if the appropriate warning option in the compiler is activated. If the Message parameter is present, then a second warning message is given containing this text. In addition, a reference to the entity is considered to be a violation of pragma Restrictions (No_Obsolescent_Features).

This pragma can also be used as a program unit pragma for a package, in which case the entity name is the name of the package, and the pragma indicates that the entire package is considered obsolescent. In this case a client withing such a package violates the restriction, and the with clause is flagged with warnings if the warning option is set.

If the Version parameter is present (which must be exactly the identifier Ada_05, no other argument is allowed), then the indication of obsolescence applies only when compiling in Ada 2005 mode. This is primarily intended for dealing with the situations in the predefined library where subprograms or packages have become defined as obsolescent in Ada 2005 (e.g., in Ada.Characters.Handling), but may be used anywhere.

The following examples show typical uses of this pragma:

package p is
   pragma Obsolescent (p, Message => "use pp instead of p");
end p;

package q is
   procedure q2;
   pragma Obsolescent ("use q2new instead");

   type R is new integer;
   pragma Obsolescent
     (Entity  => R,
      Message => "use RR in Ada 2005",
      Version => Ada_05);

   type M is record
      F1 : Integer;
      F2 : Integer;
      pragma Obsolescent;
      F3 : Integer;
   end record;

   type E is (a, bc, 'd', quack);
   pragma Obsolescent (Entity => bc)
   pragma Obsolescent (Entity => 'd')

   function "+"
     (a, b : character) return character;
   pragma Obsolescent (Entity => "+");
end;

Note that, as for all pragmas, if you use a pragma argument identifier, then all subsequent parameters must also use a pragma argument identifier. So if you specify Entity => for the Entity argument, and a Message argument is present, it must be preceded by Message =>.


2.120 Pragma Optimize_Alignment

Syntax:

pragma Optimize_Alignment (TIME | SPACE | OFF);

This is a configuration pragma which affects the choice of default alignments for types and objects where no alignment is explicitly specified. There is a time/space trade-off in the selection of these values. Large alignments result in more efficient code, at the expense of larger data space, since sizes have to be increased to match these alignments. Smaller alignments save space, but the access code is slower. The normal choice of default alignments for types and individual alignment promotions for objects (which is what you get if you do not use this pragma, or if you use an argument of OFF), tries to balance these two requirements.

Specifying SPACE causes smaller default alignments to be chosen in two cases. First any packed record is given an alignment of 1. Second, if a size is given for the type, then the alignment is chosen to avoid increasing this size. For example, consider:

type R is record
   X : Integer;
   Y : Character;
end record;

for R'Size use 5*8;

In the default mode, this type gets an alignment of 4, so that access to the Integer field X are efficient. But this means that objects of the type end up with a size of 8 bytes. This is a valid choice, since sizes of objects are allowed to be bigger than the size of the type, but it can waste space if for example fields of type R appear in an enclosing record. If the above type is compiled in Optimize_Alignment (Space) mode, the alignment is set to 1.

However, there is one case in which SPACE is ignored. If a variable length record (that is a discriminated record with a component which is an array whose length depends on a discriminant), has a pragma Pack, then it is not in general possible to set the alignment of such a record to one, so the pragma is ignored in this case (with a warning).

Specifying SPACE also disables alignment promotions for standalone objects, which occur when the compiler increases the alignment of a specific object without changing the alignment of its type.

Specifying SPACE also disables component reordering in unpacked record types, which can result in larger sizes in order to meet alignment requirements.

Specifying TIME causes larger default alignments to be chosen in the case of small types with sizes that are not a power of 2. For example, consider:

type R is record
   A : Character;
   B : Character;
   C : Boolean;
end record;

pragma Pack (R);
for R'Size use 17;

The default alignment for this record is normally 1, but if this type is compiled in Optimize_Alignment (Time) mode, then the alignment is set to 4, which wastes space for objects of the type, since they are now 4 bytes long, but results in more efficient access when the whole record is referenced.

As noted above, this is a configuration pragma, and there is a requirement that all units in a partition be compiled with a consistent setting of the optimization setting. This would normally be achieved by use of a configuration pragma file containing the appropriate setting. The exception to this rule is that units with an explicit configuration pragma in the same file as the source unit are excluded from the consistency check, as are all predefined units. The latter are compiled by default in pragma Optimize_Alignment (Off) mode if no pragma appears at the start of the file.


2.121 Pragma Ordered

Syntax:

pragma Ordered (enumeration_first_subtype_LOCAL_NAME);

Most enumeration types are from a conceptual point of view unordered. For example, consider:

type Color is (Red, Blue, Green, Yellow);

By Ada semantics Blue > Red and Green > Blue, but really these relations make no sense; the enumeration type merely specifies a set of possible colors, and the order is unimportant.

For unordered enumeration types, it is generally a good idea if clients avoid comparisons (other than equality or inequality) and explicit ranges. (A `client' is a unit where the type is referenced, other than the unit where the type is declared, its body, and its subunits.) For example, if code buried in some client says:

if Current_Color < Yellow then ...
if Current_Color in Blue .. Green then ...

then the client code is relying on the order, which is undesirable. It makes the code hard to read and creates maintenance difficulties if entries have to be added to the enumeration type. Instead, the code in the client should list the possibilities, or an appropriate subtype should be declared in the unit that declares the original enumeration type. E.g., the following subtype could be declared along with the type Color:

subtype RBG is Color range Red .. Green;

and then the client could write:

if Current_Color in RBG then ...
if Current_Color = Blue or Current_Color = Green then ...

However, some enumeration types are legitimately ordered from a conceptual point of view. For example, if you declare:

type Day is (Mon, Tue, Wed, Thu, Fri, Sat, Sun);

then the ordering imposed by the language is reasonable, and clients can depend on it, writing for example:

if D in Mon .. Fri then ...
if D < Wed then ...

The pragma `Ordered' is provided to mark enumeration types that are conceptually ordered, alerting the reader that clients may depend on the ordering. GNAT provides a pragma to mark enumerations as ordered rather than one to mark them as unordered, since in our experience, the great majority of enumeration types are conceptually unordered.

The types Boolean, Character, Wide_Character, and Wide_Wide_Character are considered to be ordered types, so each is declared with a pragma Ordered in package Standard.

Normally pragma Ordered serves only as documentation and a guide for coding standards, but GNAT provides a warning switch `-gnatw.u' that requests warnings for inappropriate uses (comparisons and explicit subranges) for unordered types. If this switch is used, then any enumeration type not marked with pragma Ordered will be considered as unordered, and will generate warnings for inappropriate uses.

Note that generic types are not considered ordered or unordered (since the template can be instantiated for both cases), so we never generate warnings for the case of generic enumerated types.

For additional information please refer to the description of the `-gnatw.u' switch in the GNAT User’s Guide.


2.122 Pragma Overflow_Mode

Syntax:

pragma Overflow_Mode
 (  [General    =>] MODE
  [,[Assertions =>] MODE]);

MODE ::= STRICT | MINIMIZED | ELIMINATED

This pragma sets the current overflow mode to the given setting. For details of the meaning of these modes, please refer to the ’Overflow Check Handling in GNAT’ appendix in the GNAT User’s Guide. If only the General parameter is present, the given mode applies to all expressions. If both parameters are present, the General mode applies to expressions outside assertions, and the Eliminated mode applies to expressions within assertions.

The case of the MODE parameter is ignored, so MINIMIZED, Minimized and minimized all have the same effect.

The Overflow_Mode pragma has the same scoping and placement rules as pragma Suppress, so it can occur either as a configuration pragma, specifying a default for the whole program, or in a declarative scope, where it applies to the remaining declarations and statements in that scope.

The pragma Suppress (Overflow_Check) suppresses overflow checking, but does not affect the overflow mode.

The pragma Unsuppress (Overflow_Check) unsuppresses (enables) overflow checking, but does not affect the overflow mode.


2.123 Pragma Overriding_Renamings

Syntax:

pragma Overriding_Renamings;

This is a GNAT configuration pragma to simplify porting legacy code accepted by the Rational Ada compiler. In the presence of this pragma, a renaming declaration that renames an inherited operation declared in the same scope is legal if selected notation is used as in:

pragma Overriding_Renamings;
...
package R is
  function F (..);
  ...
  function F (..) renames R.F;
end R;

even though RM 8.3 (15) stipulates that an overridden operation is not visible within the declaration of the overriding operation.


2.124 Pragma Partition_Elaboration_Policy

Syntax:

pragma Partition_Elaboration_Policy (POLICY_IDENTIFIER);

POLICY_IDENTIFIER ::= Concurrent | Sequential

This pragma is standard in Ada 2005, but is available in all earlier versions of Ada as an implementation-defined pragma. See Ada 2012 Reference Manual for details.


2.125 Pragma Part_Of

Syntax:

pragma Part_Of (ABSTRACT_STATE);

ABSTRACT_STATE ::= NAME

For the semantics of this pragma, see the entry for aspect Part_Of in the SPARK 2014 Reference Manual, section 7.2.6.


2.126 Pragma Passive

Syntax:

pragma Passive [(Semaphore | No)];

Syntax checked, but otherwise ignored by GNAT. This is recognized for compatibility with DEC Ada 83 implementations, where it is used within a task definition to request that a task be made passive. If the argument Semaphore is present, or the argument is omitted, then DEC Ada 83 treats the pragma as an assertion that the containing task is passive and that optimization of context switch with this task is permitted and desired. If the argument No is present, the task must not be optimized. GNAT does not attempt to optimize any tasks in this manner (since protected objects are available in place of passive tasks).

For more information on the subject of passive tasks, see the section ’Passive Task Optimization’ in the GNAT Users Guide.


2.127 Pragma Persistent_BSS

Syntax:

pragma Persistent_BSS [(LOCAL_NAME)]

This pragma allows selected objects to be placed in the .persistent_bss section. On some targets the linker and loader provide for special treatment of this section, allowing a program to be reloaded without affecting the contents of this data (hence the name persistent).

There are two forms of usage. If an argument is given, it must be the local name of a library-level object, with no explicit initialization and whose type is potentially persistent. If no argument is given, then the pragma is a configuration pragma, and applies to all library-level objects with no explicit initialization of potentially persistent types.

A potentially persistent type is a scalar type, or an untagged, non-discriminated record, all of whose components have no explicit initialization and are themselves of a potentially persistent type, or an array, all of whose constraints are static, and whose component type is potentially persistent.

If this pragma is used on a target where this feature is not supported, then the pragma will be ignored. See also pragma Linker_Section.


2.128 Pragma Post

Syntax:

pragma Post (Boolean_Expression);

The Post pragma is intended to be an exact replacement for the language-defined Post aspect, and shares its restrictions and semantics. It must appear either immediately following the corresponding subprogram declaration (only other pragmas may intervene), or if there is no separate subprogram declaration, then it can appear at the start of the declarations in a subprogram body (preceded only by other pragmas).


2.129 Pragma Postcondition

Syntax:

pragma Postcondition (
   [Check   =>] Boolean_Expression
 [,[Message =>] String_Expression]);

The Postcondition pragma allows specification of automatic postcondition checks for subprograms. These checks are similar to assertions, but are automatically inserted just prior to the return statements of the subprogram with which they are associated (including implicit returns at the end of procedure bodies and associated exception handlers).

In addition, the boolean expression which is the condition which must be true may contain references to function’Result in the case of a function to refer to the returned value.

Postcondition pragmas may appear either immediately following the (separate) declaration of a subprogram, or at the start of the declarations of a subprogram body. Only other pragmas may intervene (that is appear between the subprogram declaration and its postconditions, or appear before the postcondition in the declaration sequence in a subprogram body). In the case of a postcondition appearing after a subprogram declaration, the formal arguments of the subprogram are visible, and can be referenced in the postcondition expressions.

The postconditions are collected and automatically tested just before any return (implicit or explicit) in the subprogram body. A postcondition is only recognized if postconditions are active at the time the pragma is encountered. The compiler switch `gnata' turns on all postconditions by default, and pragma Check_Policy with an identifier of Postcondition can also be used to control whether postconditions are active.

The general approach is that postconditions are placed in the spec if they represent functional aspects which make sense to the client. For example we might have:

function Direction return Integer;
pragma Postcondition
 (Direction'Result = +1
    or else
  Direction'Result = -1);

which serves to document that the result must be +1 or -1, and will test that this is the case at run time if postcondition checking is active.

Postconditions within the subprogram body can be used to check that some internal aspect of the implementation, not visible to the client, is operating as expected. For instance if a square root routine keeps an internal counter of the number of times it is called, then we might have the following postcondition:

Sqrt_Calls : Natural := 0;

function Sqrt (Arg : Float) return Float is
  pragma Postcondition
    (Sqrt_Calls = Sqrt_Calls'Old + 1);
  ...
end Sqrt

As this example, shows, the use of the Old attribute is often useful in postconditions to refer to the state on entry to the subprogram.

Note that postconditions are only checked on normal returns from the subprogram. If an abnormal return results from raising an exception, then the postconditions are not checked.

If a postcondition fails, then the exception System.Assertions.Assert_Failure is raised. If a message argument was supplied, then the given string will be used as the exception message. If no message argument was supplied, then the default message has the form "Postcondition failed at file_name:line". The exception is raised in the context of the subprogram body, so it is possible to catch postcondition failures within the subprogram body itself.

Within a package spec, normal visibility rules in Ada would prevent forward references within a postcondition pragma to functions defined later in the same package. This would introduce undesirable ordering constraints. To avoid this problem, all postcondition pragmas are analyzed at the end of the package spec, allowing forward references.

The following example shows that this even allows mutually recursive postconditions as in:

package Parity_Functions is
   function Odd  (X : Natural) return Boolean;
   pragma Postcondition
     (Odd'Result =
        (x = 1
          or else
        (x /= 0 and then Even (X - 1))));

   function Even (X : Natural) return Boolean;
   pragma Postcondition
     (Even'Result =
        (x = 0
          or else
        (x /= 1 and then Odd (X - 1))));

end Parity_Functions;

There are no restrictions on the complexity or form of conditions used within Postcondition pragmas. The following example shows that it is even possible to verify performance behavior.

package Sort is

   Performance : constant Float;
   --  Performance constant set by implementation
   --  to match target architecture behavior.

   procedure Treesort (Arg : String);
   --  Sorts characters of argument using N*logN sort
   pragma Postcondition
     (Float (Clock - Clock'Old) <=
        Float (Arg'Length) *
        log (Float (Arg'Length)) *
        Performance);
end Sort;

Note: postcondition pragmas associated with subprograms that are marked as Inline_Always, or those marked as Inline with front-end inlining (-gnatN option set) are accepted and legality-checked by the compiler, but are ignored at run-time even if postcondition checking is enabled.

Note that pragma Postcondition differs from the language-defined Post aspect (and corresponding Post pragma) in allowing multiple occurrences, allowing occurences in the body even if there is a separate spec, and allowing a second string parameter, and the use of the pragma identifier Check. Historically, pragma Postcondition was implemented prior to the development of Ada 2012, and has been retained in its original form for compatibility purposes.


2.130 Pragma Post_Class

Syntax:

pragma Post_Class (Boolean_Expression);

The Post_Class pragma is intended to be an exact replacement for the language-defined Post'Class aspect, and shares its restrictions and semantics. It must appear either immediately following the corresponding subprogram declaration (only other pragmas may intervene), or if there is no separate subprogram declaration, then it can appear at the start of the declarations in a subprogram body (preceded only by other pragmas).

Note: This pragma is called Post_Class rather than Post'Class because the latter would not be strictly conforming to the allowed syntax for pragmas. The motivation for provinding pragmas equivalent to the aspects is to allow a program to be written using the pragmas, and then compiled if necessary using an Ada compiler that does not recognize the pragmas or aspects, but is prepared to ignore the pragmas. The assertion policy that controls this pragma is Post'Class, not Post_Class.


2.131 Pragma Rename_Pragma

Syntax:

pragma Rename_Pragma (
         [New_Name =>] IDENTIFIER,
         [Renamed  =>] pragma_IDENTIFIER);

This pragma provides a mechanism for supplying new names for existing pragmas. The New_Name identifier can subsequently be used as a synonym for the Renamed pragma. For example, suppose you have code that was originally developed on a compiler that supports Inline_Only as an implementation defined pragma. And suppose the semantics of pragma Inline_Only are identical to (or at least very similar to) the GNAT implementation defined pragma Inline_Always. You could globally replace Inline_Only with Inline_Always.

However, to avoid that source modification, you could instead add a configuration pragma:

pragma Rename_Pragma (
         New_Name => Inline_Only,
         Renamed  => Inline_Always);

Then GNAT will treat "pragma Inline_Only ..." as if you had written "pragma Inline_Always ...".

Pragma Inline_Only will not necessarily mean the same thing as the other Ada compiler; it’s up to you to make sure the semantics are close enough.


2.132 Pragma Pre

Syntax:

pragma Pre (Boolean_Expression);

The Pre pragma is intended to be an exact replacement for the language-defined Pre aspect, and shares its restrictions and semantics. It must appear either immediately following the corresponding subprogram declaration (only other pragmas may intervene), or if there is no separate subprogram declaration, then it can appear at the start of the declarations in a subprogram body (preceded only by other pragmas).


2.133 Pragma Precondition

Syntax:

pragma Precondition (
   [Check   =>] Boolean_Expression
 [,[Message =>] String_Expression]);

The Precondition pragma is similar to Postcondition except that the corresponding checks take place immediately upon entry to the subprogram, and if a precondition fails, the exception is raised in the context of the caller, and the attribute ’Result cannot be used within the precondition expression.

Otherwise, the placement and visibility rules are identical to those described for postconditions. The following is an example of use within a package spec:

package Math_Functions is
   ...
   function Sqrt (Arg : Float) return Float;
   pragma Precondition (Arg >= 0.0)
   ...
end Math_Functions;

Precondition pragmas may appear either immediately following the (separate) declaration of a subprogram, or at the start of the declarations of a subprogram body. Only other pragmas may intervene (that is appear between the subprogram declaration and its postconditions, or appear before the postcondition in the declaration sequence in a subprogram body).

Note: precondition pragmas associated with subprograms that are marked as Inline_Always, or those marked as Inline with front-end inlining (-gnatN option set) are accepted and legality-checked by the compiler, but are ignored at run-time even if precondition checking is enabled.

Note that pragma Precondition differs from the language-defined Pre aspect (and corresponding Pre pragma) in allowing multiple occurrences, allowing occurences in the body even if there is a separate spec, and allowing a second string parameter, and the use of the pragma identifier Check. Historically, pragma Precondition was implemented prior to the development of Ada 2012, and has been retained in its original form for compatibility purposes.


2.134 Pragma Predicate

Syntax:

pragma Predicate
  ([Entity =>] type_LOCAL_NAME,
   [Check  =>] EXPRESSION);

This pragma (available in all versions of Ada in GNAT) encompasses both the Static_Predicate and Dynamic_Predicate aspects in Ada 2012. A predicate is regarded as static if it has an allowed form for Static_Predicate and is otherwise treated as a Dynamic_Predicate. Otherwise, predicates specified by this pragma behave exactly as described in the Ada 2012 reference manual. For example, if we have

type R is range 1 .. 10;
subtype S is R;
pragma Predicate (Entity => S, Check => S not in 4 .. 6);
subtype Q is R
pragma Predicate (Entity => Q, Check => F(Q) or G(Q));

the effect is identical to the following Ada 2012 code:

type R is range 1 .. 10;
subtype S is R with
  Static_Predicate => S not in 4 .. 6;
subtype Q is R with
  Dynamic_Predicate => F(Q) or G(Q);

Note that there are no pragmas Dynamic_Predicate or Static_Predicate. That is because these pragmas would affect legality and semantics of the program and thus do not have a neutral effect if ignored. The motivation behind providing pragmas equivalent to corresponding aspects is to allow a program to be written using the pragmas, and then compiled with a compiler that will ignore the pragmas. That doesn’t work in the case of static and dynamic predicates, since if the corresponding pragmas are ignored, then the behavior of the program is fundamentally changed (for example a membership test A in B would not take into account a predicate defined for subtype B). When following this approach, the use of predicates should be avoided.


2.135 Pragma Predicate_Failure

Syntax:

pragma Predicate_Failure
  ([Entity  =>] type_LOCAL_NAME,
   [Message =>] String_Expression);

The Predicate_Failure pragma is intended to be an exact replacement for the language-defined Predicate_Failure aspect, and shares its restrictions and semantics.


2.136 Pragma Preelaborable_Initialization

Syntax:

pragma Preelaborable_Initialization (DIRECT_NAME);

This pragma is standard in Ada 2005, but is available in all earlier versions of Ada as an implementation-defined pragma. See Ada 2012 Reference Manual for details.


2.137 Pragma Prefix_Exception_Messages

Syntax:

pragma Prefix_Exception_Messages;

This is an implementation-defined configuration pragma that affects the behavior of raise statements with a message given as a static string constant (typically a string literal). In such cases, the string will be automatically prefixed by the name of the enclosing entity (giving the package and subprogram containing the raise statement). This helps to identify where messages are coming from, and this mode is automatic for the run-time library.

The pragma has no effect if the message is computed with an expression other than a static string constant, since the assumption in this case is that the program computes exactly the string it wants. If you still want the prefixing in this case, you can always call GNAT.Source_Info.Enclosing_Entity and prepend the string manually.


2.138 Pragma Pre_Class

Syntax:

pragma Pre_Class (Boolean_Expression);

The Pre_Class pragma is intended to be an exact replacement for the language-defined Pre'Class aspect, and shares its restrictions and semantics. It must appear either immediately following the corresponding subprogram declaration (only other pragmas may intervene), or if there is no separate subprogram declaration, then it can appear at the start of the declarations in a subprogram body (preceded only by other pragmas).

Note: This pragma is called Pre_Class rather than Pre'Class because the latter would not be strictly conforming to the allowed syntax for pragmas. The motivation for providing pragmas equivalent to the aspects is to allow a program to be written using the pragmas, and then compiled if necessary using an Ada compiler that does not recognize the pragmas or aspects, but is prepared to ignore the pragmas. The assertion policy that controls this pragma is Pre'Class, not Pre_Class.


2.139 Pragma Priority_Specific_Dispatching

Syntax:

pragma Priority_Specific_Dispatching (
   POLICY_IDENTIFIER,
   first_priority_EXPRESSION,
   last_priority_EXPRESSION)

POLICY_IDENTIFIER ::=
   EDF_Across_Priorities            |
   FIFO_Within_Priorities           |
   Non_Preemptive_Within_Priorities |
   Round_Robin_Within_Priorities

This pragma is standard in Ada 2005, but is available in all earlier versions of Ada as an implementation-defined pragma. See Ada 2012 Reference Manual for details.


2.140 Pragma Profile

Syntax:

pragma Profile (Ravenscar | Restricted | Rational | Jorvik |
                GNAT_Extended_Ravenscar | GNAT_Ravenscar_EDF );

This pragma is standard in Ada 2005, but is available in all earlier versions of Ada as an implementation-defined pragma. This is a configuration pragma that establishes a set of configuration pragmas that depend on the argument. Ravenscar is standard in Ada 2005. Jorvik is standard in Ada 202x. The other possibilities (Restricted, Rational, GNAT_Extended_Ravenscar, GNAT_Ravenscar_EDF) are implementation-defined. GNAT_Extended_Ravenscar is an alias for Jorvik.

The set of configuration pragmas is defined in the following sections.

  • * Pragma Profile (Ravenscar)

    The Ravenscar profile is standard in Ada 2005, but is available in all earlier versions of Ada as an implementation-defined pragma. This profile establishes the following set of configuration pragmas:

    • * Task_Dispatching_Policy (FIFO_Within_Priorities)

      [RM D.2.2] Tasks are dispatched following a preemptive priority-ordered scheduling policy.

    • * Locking_Policy (Ceiling_Locking)

      [RM D.3] While tasks and interrupts execute a protected action, they inherit the ceiling priority of the corresponding protected object.

    • * Detect_Blocking

      This pragma forces the detection of potentially blocking operations within a protected operation, and to raise Program_Error if that happens.

    plus the following set of restrictions:

    • * Max_Entry_Queue_Length => 1

      No task can be queued on a protected entry.

    • * Max_Protected_Entries => 1
    • * Max_Task_Entries => 0

      No rendezvous statements are allowed.

    • * No_Abort_Statements
    • * No_Dynamic_Attachment
    • * No_Dynamic_Priorities
    • * No_Implicit_Heap_Allocations
    • * No_Local_Protected_Objects
    • * No_Local_Timing_Events
    • * No_Protected_Type_Allocators
    • * No_Relative_Delay
    • * No_Requeue_Statements
    • * No_Select_Statements
    • * No_Specific_Termination_Handlers
    • * No_Task_Allocators
    • * No_Task_Hierarchy
    • * No_Task_Termination
    • * Simple_Barriers

    The Ravenscar profile also includes the following restrictions that specify that there are no semantic dependencies on the corresponding predefined packages:

    • * No_Dependence => Ada.Asynchronous_Task_Control
    • * No_Dependence => Ada.Calendar
    • * No_Dependence => Ada.Execution_Time.Group_Budget
    • * No_Dependence => Ada.Execution_Time.Timers
    • * No_Dependence => Ada.Task_Attributes
    • * No_Dependence => System.Multiprocessors.Dispatching_Domains

    This set of configuration pragmas and restrictions correspond to the definition of the ’Ravenscar Profile’ for limited tasking, devised and published by the International Real-Time Ada Workshop, 1997. A description is also available at ‘http://www-users.cs.york.ac.uk/~burns/ravenscar.ps’.

    The original definition of the profile was revised at subsequent IRTAW meetings. It has been included in the ISO Guide for the Use of the Ada Programming Language in High Integrity Systems, and was made part of the Ada 2005 standard. The formal definition given by the Ada Rapporteur Group (ARG) can be found in two Ada Issues (AI-249 and AI-305) available at ‘http://www.ada-auth.org/cgi-bin/cvsweb.cgi/ais/ai-00249.txt’ and ‘http://www.ada-auth.org/cgi-bin/cvsweb.cgi/ais/ai-00305.txt’.

    The above set is a superset of the restrictions provided by pragma Profile (Restricted), it includes six additional restrictions (Simple_Barriers, No_Select_Statements, No_Calendar, No_Implicit_Heap_Allocations, No_Relative_Delay and No_Task_Termination). This means that pragma Profile (Ravenscar), like the pragma Profile (Restricted), automatically causes the use of a simplified, more efficient version of the tasking run-time library.

  • * Pragma Profile (Jorvik)

    Jorvik is the new profile added to the Ada 202x draft standard, previously implemented under the name GNAT_Extended_Ravenscar.

    The No_Implicit_Heap_Allocations restriction has been replaced by No_Implicit_Task_Allocations and No_Implicit_Protected_Object_Allocations.

    The Simple_Barriers restriction has been replaced by Pure_Barriers.

    The Max_Protected_Entries, Max_Entry_Queue_Length, and No_Relative_Delay restrictions have been removed.

    Details on the rationale for Jorvik and implications for use may be found in A New Ravenscar-Based Profile by P. Rogers, J. Ruiz, T. Gingold and P. Bernardi, in Reliable Software Technologies – Ada Europe 2017, Springer-Verlag Lecture Notes in Computer Science, Number 10300.

  • * Pragma Profile (GNAT_Ravenscar_EDF)

    This profile corresponds to the Ravenscar profile but using EDF_Across_Priority as the Task_Scheduling_Policy.

  • * Pragma Profile (Restricted)

    This profile corresponds to the GNAT restricted run time. It establishes the following set of restrictions:

    • * No_Abort_Statements
    • * No_Entry_Queue
    • * No_Task_Hierarchy
    • * No_Task_Allocators
    • * No_Dynamic_Priorities
    • * No_Terminate_Alternatives
    • * No_Dynamic_Attachment
    • * No_Protected_Type_Allocators
    • * No_Local_Protected_Objects
    • * No_Requeue_Statements
    • * No_Task_Attributes_Package
    • * Max_Asynchronous_Select_Nesting = 0
    • * Max_Task_Entries = 0
    • * Max_Protected_Entries = 1
    • * Max_Select_Alternatives = 0

    This set of restrictions causes the automatic selection of a simplified version of the run time that provides improved performance for the limited set of tasking functionality permitted by this set of restrictions.

  • * Pragma Profile (Rational)

    The Rational profile is intended to facilitate porting legacy code that compiles with the Rational APEX compiler, even when the code includes non- conforming Ada constructs. The profile enables the following three pragmas:

    • * pragma Implicit_Packing
    • * pragma Overriding_Renamings
    • * pragma Use_VADS_Size

2.141 Pragma Profile_Warnings

Syntax:

pragma Profile_Warnings (Ravenscar | Restricted | Rational);

This is an implementation-defined pragma that is similar in effect to pragma Profile except that instead of generating Restrictions pragmas, it generates Restriction_Warnings pragmas. The result is that violations of the profile generate warning messages instead of error messages.


2.142 Pragma Propagate_Exceptions

Syntax:

pragma Propagate_Exceptions;

This pragma is now obsolete and, other than generating a warning if warnings on obsolescent features are enabled, is ignored. It is retained for compatibility purposes. It used to be used in connection with optimization of a now-obsolete mechanism for implementation of exceptions.


2.143 Pragma Provide_Shift_Operators

Syntax:

pragma Provide_Shift_Operators (integer_first_subtype_LOCAL_NAME);

This pragma can be applied to a first subtype local name that specifies either an unsigned or signed type. It has the effect of providing the five shift operators (Shift_Left, Shift_Right, Shift_Right_Arithmetic, Rotate_Left and Rotate_Right) for the given type. It is similar to including the function declarations for these five operators, together with the pragma Import (Intrinsic, ...) statements.


2.144 Pragma Psect_Object

Syntax:

pragma Psect_Object (
     [Internal =>] LOCAL_NAME,
  [, [External =>] EXTERNAL_SYMBOL]
  [, [Size     =>] EXTERNAL_SYMBOL]);

EXTERNAL_SYMBOL ::=
  IDENTIFIER
| static_string_EXPRESSION

This pragma is identical in effect to pragma Common_Object.


2.145 Pragma Pure_Function

Syntax:

pragma Pure_Function ([Entity =>] function_LOCAL_NAME);

This pragma appears in the same declarative part as a function declaration (or a set of function declarations if more than one overloaded declaration exists, in which case the pragma applies to all entities). It specifies that the function Entity is to be considered pure for the purposes of code generation. This means that the compiler can assume that there are no side effects, and in particular that two calls with identical arguments produce the same result. It also means that the function can be used in an address clause.

Note that, quite deliberately, there are no static checks to try to ensure that this promise is met, so Pure_Function can be used with functions that are conceptually pure, even if they do modify global variables. For example, a square root function that is instrumented to count the number of times it is called is still conceptually pure, and can still be optimized, even though it modifies a global variable (the count). Memo functions are another example (where a table of previous calls is kept and consulted to avoid re-computation).

Note also that the normal rules excluding optimization of subprograms in pure units (when parameter types are descended from System.Address, or when the full view of a parameter type is limited), do not apply for the Pure_Function case. If you explicitly specify Pure_Function, the compiler may optimize away calls with identical arguments, and if that results in unexpected behavior, the proper action is not to use the pragma for subprograms that are not (conceptually) pure.

Note: Most functions in a Pure package are automatically pure, and there is no need to use pragma Pure_Function for such functions. One exception is any function that has at least one formal of type System.Address or a type derived from it. Such functions are not considered pure by default, since the compiler assumes that the Address parameter may be functioning as a pointer and that the referenced data may change even if the address value does not. Similarly, imported functions are not considered to be pure by default, since there is no way of checking that they are in fact pure. The use of pragma Pure_Function for such a function will override these default assumption, and cause the compiler to treat a designated subprogram as pure in these cases.

Note: If pragma Pure_Function is applied to a renamed function, it applies to the underlying renamed function. This can be used to disambiguate cases of overloading where some but not all functions in a set of overloaded functions are to be designated as pure.

If pragma Pure_Function is applied to a library-level function, the function is also considered pure from an optimization point of view, but the unit is not a Pure unit in the categorization sense. So for example, a function thus marked is free to with non-pure units.


2.146 Pragma Rational

Syntax:

pragma Rational;

This pragma is considered obsolescent, but is retained for compatibility purposes. It is equivalent to:

pragma Profile (Rational);

2.147 Pragma Ravenscar

Syntax:

pragma Ravenscar;

This pragma is considered obsolescent, but is retained for compatibility purposes. It is equivalent to:

pragma Profile (Ravenscar);

which is the preferred method of setting the Ravenscar profile.


2.148 Pragma Refined_Depends

Syntax:

pragma Refined_Depends (DEPENDENCY_RELATION);

DEPENDENCY_RELATION ::=
     null
  | (DEPENDENCY_CLAUSE {, DEPENDENCY_CLAUSE})

DEPENDENCY_CLAUSE ::=
    OUTPUT_LIST =>[+] INPUT_LIST
  | NULL_DEPENDENCY_CLAUSE

NULL_DEPENDENCY_CLAUSE ::= null => INPUT_LIST

OUTPUT_LIST ::= OUTPUT | (OUTPUT {, OUTPUT})

INPUT_LIST ::= null | INPUT | (INPUT {, INPUT})

OUTPUT ::= NAME | FUNCTION_RESULT
INPUT  ::= NAME

where FUNCTION_RESULT is a function Result attribute_reference

For the semantics of this pragma, see the entry for aspect Refined_Depends in the SPARK 2014 Reference Manual, section 6.1.5.


2.149 Pragma Refined_Global

Syntax:

pragma Refined_Global (GLOBAL_SPECIFICATION);

GLOBAL_SPECIFICATION ::=
     null
  | (GLOBAL_LIST)
  | (MODED_GLOBAL_LIST {, MODED_GLOBAL_LIST})

MODED_GLOBAL_LIST ::= MODE_SELECTOR => GLOBAL_LIST

MODE_SELECTOR ::= In_Out | Input | Output | Proof_In
GLOBAL_LIST   ::= GLOBAL_ITEM | (GLOBAL_ITEM {, GLOBAL_ITEM})
GLOBAL_ITEM   ::= NAME

For the semantics of this pragma, see the entry for aspect Refined_Global in the SPARK 2014 Reference Manual, section 6.1.4.


2.150 Pragma Refined_Post

Syntax:

pragma Refined_Post (boolean_EXPRESSION);

For the semantics of this pragma, see the entry for aspect Refined_Post in the SPARK 2014 Reference Manual, section 7.2.7.


2.151 Pragma Refined_State

Syntax:

pragma Refined_State (REFINEMENT_LIST);

REFINEMENT_LIST ::=
  (REFINEMENT_CLAUSE {, REFINEMENT_CLAUSE})

REFINEMENT_CLAUSE ::= state_NAME => CONSTITUENT_LIST

CONSTITUENT_LIST ::=
     null
  |  CONSTITUENT
  | (CONSTITUENT {, CONSTITUENT})

CONSTITUENT ::= object_NAME | state_NAME

For the semantics of this pragma, see the entry for aspect Refined_State in the SPARK 2014 Reference Manual, section 7.2.2.


2.152 Pragma Relative_Deadline

Syntax:

pragma Relative_Deadline (time_span_EXPRESSION);

This pragma is standard in Ada 2005, but is available in all earlier versions of Ada as an implementation-defined pragma. See Ada 2012 Reference Manual for details.


2.153 Pragma Remote_Access_Type

Syntax:

pragma Remote_Access_Type ([Entity =>] formal_access_type_LOCAL_NAME);

This pragma appears in the formal part of a generic declaration. It specifies an exception to the RM rule from E.2.2(17/2), which forbids the use of a remote access to class-wide type as actual for a formal access type.

When this pragma applies to a formal access type Entity, that type is treated as a remote access to class-wide type in the generic. It must be a formal general access type, and its designated type must be the class-wide type of a formal tagged limited private type from the same generic declaration.

In the generic unit, the formal type is subject to all restrictions pertaining to remote access to class-wide types. At instantiation, the actual type must be a remote access to class-wide type.


2.154 Pragma Restricted_Run_Time

Syntax:

pragma Restricted_Run_Time;

This pragma is considered obsolescent, but is retained for compatibility purposes. It is equivalent to:

pragma Profile (Restricted);

which is the preferred method of setting the restricted run time profile.


2.155 Pragma Restriction_Warnings

Syntax:

pragma Restriction_Warnings
  (restriction_IDENTIFIER {, restriction_IDENTIFIER});

This pragma allows a series of restriction identifiers to be specified (the list of allowed identifiers is the same as for pragma Restrictions). For each of these identifiers the compiler checks for violations of the restriction, but generates a warning message rather than an error message if the restriction is violated.

One use of this is in situations where you want to know about violations of a restriction, but you want to ignore some of these violations. Consider this example, where you want to set Ada_95 mode and enable style checks, but you want to know about any other use of implementation pragmas:

pragma Restriction_Warnings (No_Implementation_Pragmas);
pragma Warnings (Off, "violation of No_Implementation_Pragmas");
pragma Ada_95;
pragma Style_Checks ("2bfhkM160");
pragma Warnings (On, "violation of No_Implementation_Pragmas");

By including the above lines in a configuration pragmas file, the Ada_95 and Style_Checks pragmas are accepted without generating a warning, but any other use of implementation defined pragmas will cause a warning to be generated.


2.156 Pragma Reviewable

Syntax:

pragma Reviewable;

This pragma is an RM-defined standard pragma, but has no effect on the program being compiled, or on the code generated for the program.

To obtain the required output specified in RM H.3.1, the compiler must be run with various special switches as follows:

  • * `Where compiler-generated run-time checks remain'

    The switch `-gnatGL' may be used to list the expanded code in pseudo-Ada form. Runtime checks show up in the listing either as explicit checks or operators marked with {} to indicate a check is present.

  • * `An identification of known exceptions at compile time'

    If the program is compiled with `-gnatwa', the compiler warning messages will indicate all cases where the compiler detects that an exception is certain to occur at run time.

  • * `Possible reads of uninitialized variables'

    The compiler warns of many such cases, but its output is incomplete.

A supplemental static analysis tool may be used to obtain a comprehensive list of all possible points at which uninitialized data may be read.

  • * `Where run-time support routines are implicitly invoked'

    In the output from `-gnatGL', run-time calls are explicitly listed as calls to the relevant run-time routine.

  • * `Object code listing'

    This may be obtained either by using the `-S' switch, or the objdump utility.

  • * `Constructs known to be erroneous at compile time'

    These are identified by warnings issued by the compiler (use `-gnatwa').

  • * `Stack usage information'

    Static stack usage data (maximum per-subprogram) can be obtained via the `-fstack-usage' switch to the compiler. Dynamic stack usage data (per task) can be obtained via the `-u' switch to gnatbind

  • * `Object code listing of entire partition'

    This can be obtained by compiling the partition with `-S', or by applying objdump to all the object files that are part of the partition.

  • * `A description of the run-time model'

    The full sources of the run-time are available, and the documentation of these routines describes how these run-time routines interface to the underlying operating system facilities.

  • * `Control and data-flow information'

A supplemental static analysis tool may be used to obtain complete control and data-flow information, as well as comprehensive messages identifying possible problems based on this information.


2.157 Pragma Secondary_Stack_Size

Syntax:

pragma Secondary_Stack_Size (integer_EXPRESSION);

This pragma appears within the task definition of a single task declaration or a task type declaration (like pragma Storage_Size) and applies to all task objects of that type. The argument specifies the size of the secondary stack to be used by these task objects, and must be of an integer type. The secondary stack is used to handle functions that return a variable-sized result, for example a function returning an unconstrained String.

Note this pragma only applies to targets using fixed secondary stacks, like VxWorks 653 and bare board targets, where a fixed block for the secondary stack is allocated from the primary stack of the task. By default, these targets assign a percentage of the primary stack for the secondary stack, as defined by System.Parameter.Sec_Stack_Percentage. With this pragma, an integer_EXPRESSION of bytes is assigned from the primary stack instead.

For most targets, the pragma does not apply as the secondary stack grows on demand: allocated as a chain of blocks in the heap. The default size of these blocks can be modified via the -D binder option as described in GNAT User’s Guide.

Note that no check is made to see if the secondary stack can fit inside the primary stack.

Note the pragma cannot appear when the restriction No_Secondary_Stack is in effect.


2.158 Pragma Share_Generic

Syntax:

pragma Share_Generic (GNAME {, GNAME});

GNAME ::= generic_unit_NAME | generic_instance_NAME

This pragma is provided for compatibility with Dec Ada 83. It has no effect in GNAT (which does not implement shared generics), other than to check that the given names are all names of generic units or generic instances.


2.159 Pragma Shared

This pragma is provided for compatibility with Ada 83. The syntax and semantics are identical to pragma Atomic.


2.160 Pragma Short_Circuit_And_Or

Syntax:

pragma Short_Circuit_And_Or;

This configuration pragma causes any occurrence of the AND operator applied to operands of type Standard.Boolean to be short-circuited (i.e. the AND operator is treated as if it were AND THEN). Or is similarly treated as OR ELSE. This may be useful in the context of certification protocols requiring the use of short-circuited logical operators. If this configuration pragma occurs locally within the file being compiled, it applies only to the file being compiled. There is no requirement that all units in a partition use this option.


2.161 Pragma Short_Descriptors

Syntax:

pragma Short_Descriptors

This pragma is provided for compatibility with other Ada implementations. It is recognized but ignored by all current versions of GNAT.


2.162 Pragma Simple_Storage_Pool_Type

Syntax:

pragma Simple_Storage_Pool_Type (type_LOCAL_NAME);

A type can be established as a ’simple storage pool type’ by applying the representation pragma Simple_Storage_Pool_Type to the type. A type named in the pragma must be a library-level immutably limited record type or limited tagged type declared immediately within a package declaration. The type can also be a limited private type whose full type is allowed as a simple storage pool type.

For a simple storage pool type SSP, nonabstract primitive subprograms Allocate, Deallocate, and Storage_Size can be declared that are subtype conformant with the following subprogram declarations:

procedure Allocate
  (Pool                     : in out SSP;
   Storage_Address          : out System.Address;
   Size_In_Storage_Elements : System.Storage_Elements.Storage_Count;
   Alignment                : System.Storage_Elements.Storage_Count);

procedure Deallocate
  (Pool : in out SSP;
   Storage_Address          : System.Address;
   Size_In_Storage_Elements : System.Storage_Elements.Storage_Count;
   Alignment                : System.Storage_Elements.Storage_Count);

function Storage_Size (Pool : SSP)
  return System.Storage_Elements.Storage_Count;

Procedure Allocate must be declared, whereas Deallocate and Storage_Size are optional. If Deallocate is not declared, then applying an unchecked deallocation has no effect other than to set its actual parameter to null. If Storage_Size is not declared, then the Storage_Size attribute applied to an access type associated with a pool object of type SSP returns zero. Additional operations can be declared for a simple storage pool type (such as for supporting a mark/release storage-management discipline).

An object of a simple storage pool type can be associated with an access type by specifying the attribute Simple_Storage_Pool. For example:

My_Pool : My_Simple_Storage_Pool_Type;

type Acc is access My_Data_Type;

for Acc'Simple_Storage_Pool use My_Pool;

See attribute Simple_Storage_Pool for further details.


2.163 Pragma Source_File_Name

Syntax:

pragma Source_File_Name (
  [Unit_Name   =>] unit_NAME,
  Spec_File_Name =>  STRING_LITERAL,
  [Index => INTEGER_LITERAL]);

pragma Source_File_Name (
  [Unit_Name   =>] unit_NAME,
  Body_File_Name =>  STRING_LITERAL,
  [Index => INTEGER_LITERAL]);

Use this to override the normal naming convention. It is a configuration pragma, and so has the usual applicability of configuration pragmas (i.e., it applies to either an entire partition, or to all units in a compilation, or to a single unit, depending on how it is used. unit_name is mapped to file_name_literal. The identifier for the second argument is required, and indicates whether this is the file name for the spec or for the body.

The optional Index argument should be used when a file contains multiple units, and when you do not want to use gnatchop to separate then into multiple files (which is the recommended procedure to limit the number of recompilations that are needed when some sources change). For instance, if the source file source.ada contains

package B is
...
end B;

with B;
procedure A is
begin
   ..
end A;

you could use the following configuration pragmas:

pragma Source_File_Name
  (B, Spec_File_Name => "source.ada", Index => 1);
pragma Source_File_Name
  (A, Body_File_Name => "source.ada", Index => 2);

Note that the gnatname utility can also be used to generate those configuration pragmas.

Another form of the Source_File_Name pragma allows the specification of patterns defining alternative file naming schemes to apply to all files.

pragma Source_File_Name
  (  [Spec_File_Name  =>] STRING_LITERAL
   [,[Casing          =>] CASING_SPEC]
   [,[Dot_Replacement =>] STRING_LITERAL]);

pragma Source_File_Name
  (  [Body_File_Name  =>] STRING_LITERAL
   [,[Casing          =>] CASING_SPEC]
   [,[Dot_Replacement =>] STRING_LITERAL]);

pragma Source_File_Name
  (  [Subunit_File_Name =>] STRING_LITERAL
   [,[Casing            =>] CASING_SPEC]
   [,[Dot_Replacement   =>] STRING_LITERAL]);

CASING_SPEC ::= Lowercase | Uppercase | Mixedcase

The first argument is a pattern that contains a single asterisk indicating the point at which the unit name is to be inserted in the pattern string to form the file name. The second argument is optional. If present it specifies the casing of the unit name in the resulting file name string. The default is lower case. Finally the third argument allows for systematic replacement of any dots in the unit name by the specified string literal.

Note that Source_File_Name pragmas should not be used if you are using project files. The reason for this rule is that the project manager is not aware of these pragmas, and so other tools that use the projet file would not be aware of the intended naming conventions. If you are using project files, file naming is controlled by Source_File_Name_Project pragmas, which are usually supplied automatically by the project manager. A pragma Source_File_Name cannot appear after a Pragma Source_File_Name_Project.

For more details on the use of the Source_File_Name pragma, see the sections on Using Other File Names and Alternative File Naming Schemes in the GNAT User’s Guide.


2.164 Pragma Source_File_Name_Project

This pragma has the same syntax and semantics as pragma Source_File_Name. It is only allowed as a stand-alone configuration pragma. It cannot appear after a Pragma Source_File_Name, and most importantly, once pragma Source_File_Name_Project appears, no further Source_File_Name pragmas are allowed.

The intention is that Source_File_Name_Project pragmas are always generated by the Project Manager in a manner consistent with the naming specified in a project file, and when naming is controlled in this manner, it is not permissible to attempt to modify this naming scheme using Source_File_Name or Source_File_Name_Project pragmas (which would not be known to the project manager).


2.165 Pragma Source_Reference

Syntax:

pragma Source_Reference (INTEGER_LITERAL, STRING_LITERAL);

This pragma must appear as the first line of a source file. integer_literal is the logical line number of the line following the pragma line (for use in error messages and debugging information). string_literal is a static string constant that specifies the file name to be used in error messages and debugging information. This is most notably used for the output of gnatchop with the `-r' switch, to make sure that the original unchopped source file is the one referred to.

The second argument must be a string literal, it cannot be a static string expression other than a string literal. This is because its value is needed for error messages issued by all phases of the compiler.


2.166 Pragma SPARK_Mode

Syntax:

pragma SPARK_Mode [(On | Off)] ;

In general a program can have some parts that are in SPARK 2014 (and follow all the rules in the SPARK Reference Manual), and some parts that are full Ada 2012.

The SPARK_Mode pragma is used to identify which parts are in SPARK 2014 (by default programs are in full Ada). The SPARK_Mode pragma can be used in the following places:

  • * As a configuration pragma, in which case it sets the default mode for all units compiled with this pragma.
  • * Immediately following a library-level subprogram spec
  • * Immediately within a library-level package body
  • * Immediately following the private keyword of a library-level package spec
  • * Immediately following the begin keyword of a library-level package body
  • * Immediately within a library-level subprogram body

Normally a subprogram or package spec/body inherits the current mode that is active at the point it is declared. But this can be overridden by pragma within the spec or body as above.

The basic consistency rule is that you can’t turn SPARK_Mode back On, once you have explicitly (with a pragma) turned if Off. So the following rules apply:

If a subprogram spec has SPARK_Mode Off, then the body must also have SPARK_Mode Off.

For a package, we have four parts:

  • * the package public declarations
  • * the package private part
  • * the body of the package
  • * the elaboration code after begin

For a package, the rule is that if you explicitly turn SPARK_Mode Off for any part, then all the following parts must have SPARK_Mode Off. Note that this may require repeating a pragma SPARK_Mode (Off) in the body. For example, if we have a configuration pragma SPARK_Mode (On) that turns the mode on by default everywhere, and one particular package spec has pragma SPARK_Mode (Off), then that pragma will need to be repeated in the package body.


2.167 Pragma Static_Elaboration_Desired

Syntax:

pragma Static_Elaboration_Desired;

This pragma is used to indicate that the compiler should attempt to initialize statically the objects declared in the library unit to which the pragma applies, when these objects are initialized (explicitly or implicitly) by an aggregate. In the absence of this pragma, aggregates in object declarations are expanded into assignments and loops, even when the aggregate components are static constants. When the aggregate is present the compiler builds a static expression that requires no run-time code, so that the initialized object can be placed in read-only data space. If the components are not static, or the aggregate has more that 100 components, the compiler emits a warning that the pragma cannot be obeyed. (See also the restriction No_Implicit_Loops, which supports static construction of larger aggregates with static components that include an others choice.)


2.168 Pragma Stream_Convert

Syntax:

pragma Stream_Convert (
  [Entity =>] type_LOCAL_NAME,
  [Read   =>] function_NAME,
  [Write  =>] function_NAME);

This pragma provides an efficient way of providing user-defined stream attributes. Not only is it simpler to use than specifying the attributes directly, but more importantly, it allows the specification to be made in such a way that the predefined unit Ada.Streams is not loaded unless it is actually needed (i.e. unless the stream attributes are actually used); the use of the Stream_Convert pragma adds no overhead at all, unless the stream attributes are actually used on the designated type.

The first argument specifies the type for which stream functions are provided. The second parameter provides a function used to read values of this type. It must name a function whose argument type may be any subtype, and whose returned type must be the type given as the first argument to the pragma.

The meaning of the Read parameter is that if a stream attribute directly or indirectly specifies reading of the type given as the first parameter, then a value of the type given as the argument to the Read function is read from the stream, and then the Read function is used to convert this to the required target type.

Similarly the Write parameter specifies how to treat write attributes that directly or indirectly apply to the type given as the first parameter. It must have an input parameter of the type specified by the first parameter, and the return type must be the same as the input type of the Read function. The effect is to first call the Write function to convert to the given stream type, and then write the result type to the stream.

The Read and Write functions must not be overloaded subprograms. If necessary renamings can be supplied to meet this requirement. The usage of this attribute is best illustrated by a simple example, taken from the GNAT implementation of package Ada.Strings.Unbounded:

function To_Unbounded (S : String) return Unbounded_String
  renames To_Unbounded_String;

pragma Stream_Convert
  (Unbounded_String, To_Unbounded, To_String);

The specifications of the referenced functions, as given in the Ada Reference Manual are:

function To_Unbounded_String (Source : String)
  return Unbounded_String;

function To_String (Source : Unbounded_String)
  return String;

The effect is that if the value of an unbounded string is written to a stream, then the representation of the item in the stream is in the same format that would be used for Standard.String'Output, and this same representation is expected when a value of this type is read from the stream. Note that the value written always includes the bounds, even for Unbounded_String’Write, since Unbounded_String is not an array type.

Note that the Stream_Convert pragma is not effective in the case of a derived type of a non-limited tagged type. If such a type is specified then the pragma is silently ignored, and the default implementation of the stream attributes is used instead.


2.169 Pragma Style_Checks

Syntax:

pragma Style_Checks (string_LITERAL | ALL_CHECKS |
                     On | Off [, LOCAL_NAME]);

This pragma is used in conjunction with compiler switches to control the built in style checking provided by GNAT. The compiler switches, if set, provide an initial setting for the switches, and this pragma may be used to modify these settings, or the settings may be provided entirely by the use of the pragma. This pragma can be used anywhere that a pragma is legal, including use as a configuration pragma (including use in the gnat.adc file).

The form with a string literal specifies which style options are to be activated. These are additive, so they apply in addition to any previously set style check options. The codes for the options are the same as those used in the `-gnaty' switch to `gcc' or `gnatmake'. For example the following two methods can be used to enable layout checking:

  • *
    pragma Style_Checks ("l");
    
  • *
    gcc -c -gnatyl ...
    

The form ALL_CHECKS activates all standard checks (its use is equivalent to the use of the gnaty switch with no options. See the GNAT User’s Guide for details.)

Note: the behavior is slightly different in GNAT mode (-gnatg used). In this case, ALL_CHECKS implies the standard set of GNAT mode style check options (i.e. equivalent to -gnatyg).

The forms with Off and On can be used to temporarily disable style checks as shown in the following example:

pragma Style_Checks ("k"); -- requires keywords in lower case
pragma Style_Checks (Off); -- turn off style checks
NULL;                      -- this will not generate an error message
pragma Style_Checks (On);  -- turn style checks back on
NULL;                      -- this will generate an error message

Finally the two argument form is allowed only if the first argument is On or Off. The effect is to turn of semantic style checks for the specified entity, as shown in the following example:

pragma Style_Checks ("r"); -- require consistency of identifier casing
Arg : Integer;
Rf1 : Integer := ARG;      -- incorrect, wrong case
pragma Style_Checks (Off, Arg);
Rf2 : Integer := ARG;      -- OK, no error

2.170 Pragma Subtitle

Syntax:

pragma Subtitle ([Subtitle =>] STRING_LITERAL);

This pragma is recognized for compatibility with other Ada compilers but is ignored by GNAT.


2.171 Pragma Suppress

Syntax:

pragma Suppress (Identifier [, [On =>] Name]);

This is a standard pragma, and supports all the check names required in the RM. It is included here because GNAT recognizes some additional check names that are implementation defined (as permitted by the RM):

  • * Alignment_Check can be used to suppress alignment checks on addresses used in address clauses. Such checks can also be suppressed by suppressing range checks, but the specific use of Alignment_Check allows suppression of alignment checks without suppressing other range checks. Note that Alignment_Check is suppressed by default on machines (such as the x86) with non-strict alignment.
  • * Atomic_Synchronization can be used to suppress the special memory synchronization instructions that are normally generated for access to Atomic variables to ensure correct synchronization between tasks that use such variables for synchronization purposes.
  • * Duplicated_Tag_Check Can be used to suppress the check that is generated for a duplicated tag value when a tagged type is declared.
  • * Container_Checks Can be used to suppress all checks within Ada.Containers and instances of its children, including Tampering_Check.
  • * Tampering_Check Can be used to suppress tampering check in the containers.
  • * Predicate_Check can be used to control whether predicate checks are active. It is applicable only to predicates for which the policy is Check. Unlike Assertion_Policy, which determines if a given predicate is ignored or checked for the whole program, the use of Suppress and Unsuppress with this check name allows a given predicate to be turned on and off at specific points in the program.
  • * Validity_Check can be used specifically to control validity checks. If Suppress is used to suppress validity checks, then no validity checks are performed, including those specified by the appropriate compiler switch or the Validity_Checks pragma.
  • * Additional check names previously introduced by use of the Check_Name pragma are also allowed.

Note that pragma Suppress gives the compiler permission to omit checks, but does not require the compiler to omit checks. The compiler will generate checks if they are essentially free, even when they are suppressed. In particular, if the compiler can prove that a certain check will necessarily fail, it will generate code to do an unconditional ’raise’, even if checks are suppressed. The compiler warns in this case.

Of course, run-time checks are omitted whenever the compiler can prove that they will not fail, whether or not checks are suppressed.


2.172 Pragma Suppress_All

Syntax:

pragma Suppress_All;

This pragma can appear anywhere within a unit. The effect is to apply Suppress (All_Checks) to the unit in which it appears. This pragma is implemented for compatibility with DEC Ada 83 usage where it appears at the end of a unit, and for compatibility with Rational Ada, where it appears as a program unit pragma. The use of the standard Ada pragma Suppress (All_Checks) as a normal configuration pragma is the preferred usage in GNAT.


2.173 Pragma Suppress_Debug_Info

Syntax:

pragma Suppress_Debug_Info ([Entity =>] LOCAL_NAME);

This pragma can be used to suppress generation of debug information for the specified entity. It is intended primarily for use in debugging the debugger, and navigating around debugger problems.


2.174 Pragma Suppress_Exception_Locations

Syntax:

pragma Suppress_Exception_Locations;

In normal mode, a raise statement for an exception by default generates an exception message giving the file name and line number for the location of the raise. This is useful for debugging and logging purposes, but this entails extra space for the strings for the messages. The configuration pragma Suppress_Exception_Locations can be used to suppress the generation of these strings, with the result that space is saved, but the exception message for such raises is null. This configuration pragma may appear in a global configuration pragma file, or in a specific unit as usual. It is not required that this pragma be used consistently within a partition, so it is fine to have some units within a partition compiled with this pragma and others compiled in normal mode without it.


2.175 Pragma Suppress_Initialization

Syntax:

pragma Suppress_Initialization ([Entity =>] variable_or_subtype_Name);

Here variable_or_subtype_Name is the name introduced by a type declaration or subtype declaration or the name of a variable introduced by an object declaration.

In the case of a type or subtype this pragma suppresses any implicit or explicit initialization for all variables of the given type or subtype, including initialization resulting from the use of pragmas Normalize_Scalars or Initialize_Scalars.

This is considered a representation item, so it cannot be given after the type is frozen. It applies to all subsequent object declarations, and also any allocator that creates objects of the type.

If the pragma is given for the first subtype, then it is considered to apply to the base type and all its subtypes. If the pragma is given for other than a first subtype, then it applies only to the given subtype. The pragma may not be given after the type is frozen.

Note that this includes eliminating initialization of discriminants for discriminated types, and tags for tagged types. In these cases, you will have to use some non-portable mechanism (e.g. address overlays or unchecked conversion) to achieve required initialization of these fields before accessing any object of the corresponding type.

For the variable case, implicit initialization for the named variable is suppressed, just as though its subtype had been given in a pragma Suppress_Initialization, as described above.


2.176 Pragma Task_Name

Syntax

pragma Task_Name (string_EXPRESSION);

This pragma appears within a task definition (like pragma Priority) and applies to the task in which it appears. The argument must be of type String, and provides a name to be used for the task instance when the task is created. Note that this expression is not required to be static, and in particular, it can contain references to task discriminants. This facility can be used to provide different names for different tasks as they are created, as illustrated in the example below.

The task name is recorded internally in the run-time structures and is accessible to tools like the debugger. In addition the routine Ada.Task_Identification.Image will return this string, with a unique task address appended.

--  Example of the use of pragma Task_Name

with Ada.Task_Identification;
use Ada.Task_Identification;
with Text_IO; use Text_IO;
procedure t3 is

   type Astring is access String;

   task type Task_Typ (Name : access String) is
      pragma Task_Name (Name.all);
   end Task_Typ;

   task body Task_Typ is
      Nam : constant String := Image (Current_Task);
   begin
      Put_Line ("-->" & Nam (1 .. 14) & "<--");
   end Task_Typ;

   type Ptr_Task is access Task_Typ;
   Task_Var : Ptr_Task;

begin
   Task_Var :=
     new Task_Typ (new String'("This is task 1"));
   Task_Var :=
     new Task_Typ (new String'("This is task 2"));
end;

2.177 Pragma Task_Storage

Syntax:

pragma Task_Storage (
  [Task_Type =>] LOCAL_NAME,
  [Top_Guard =>] static_integer_EXPRESSION);

This pragma specifies the length of the guard area for tasks. The guard area is an additional storage area allocated to a task. A value of zero means that either no guard area is created or a minimal guard area is created, depending on the target. This pragma can appear anywhere a Storage_Size attribute definition clause is allowed for a task type.


2.178 Pragma Test_Case

Syntax:

pragma Test_Case (
   [Name     =>] static_string_Expression
  ,[Mode     =>] (Nominal | Robustness)
 [, Requires =>  Boolean_Expression]
 [, Ensures  =>  Boolean_Expression]);

The Test_Case pragma allows defining fine-grain specifications for use by testing tools. The compiler checks the validity of the Test_Case pragma, but its presence does not lead to any modification of the code generated by the compiler.

Test_Case pragmas may only appear immediately following the (separate) declaration of a subprogram in a package declaration, inside a package spec unit. Only other pragmas may intervene (that is appear between the subprogram declaration and a test case).

The compiler checks that boolean expressions given in Requires and Ensures are valid, where the rules for Requires are the same as the rule for an expression in Precondition and the rules for Ensures are the same as the rule for an expression in Postcondition. In particular, attributes 'Old and 'Result can only be used within the Ensures expression. The following is an example of use within a package spec:

package Math_Functions is
   ...
   function Sqrt (Arg : Float) return Float;
   pragma Test_Case (Name     => "Test 1",
                     Mode     => Nominal,
                     Requires => Arg < 10000.0,
                     Ensures  => Sqrt'Result < 10.0);
   ...
end Math_Functions;

The meaning of a test case is that there is at least one context where Requires holds such that, if the associated subprogram is executed in that context, then Ensures holds when the subprogram returns. Mode Nominal indicates that the input context should also satisfy the precondition of the subprogram, and the output context should also satisfy its postcondition. Mode Robustness indicates that the precondition and postcondition of the subprogram should be ignored for this test case.


2.179 Pragma Thread_Local_Storage

Syntax:

pragma Thread_Local_Storage ([Entity =>] LOCAL_NAME);

This pragma specifies that the specified entity, which must be a variable declared in a library-level package, is to be marked as "Thread Local Storage" (TLS). On systems supporting this (which include Windows, Solaris, GNU/Linux, and VxWorks 6), this causes each thread (and hence each Ada task) to see a distinct copy of the variable.

The variable must not have default initialization, and if there is an explicit initialization, it must be either null for an access variable, a static expression for a scalar variable, or a fully static aggregate for a composite type, that is to say, an aggregate all of whose components are static, and which does not include packed or discriminated components.

This provides a low-level mechanism similar to that provided by the Ada.Task_Attributes package, but much more efficient and is also useful in writing interface code that will interact with foreign threads.

If this pragma is used on a system where TLS is not supported, then an error message will be generated and the program will be rejected.


2.180 Pragma Time_Slice

Syntax:

pragma Time_Slice (static_duration_EXPRESSION);

For implementations of GNAT on operating systems where it is possible to supply a time slice value, this pragma may be used for this purpose. It is ignored if it is used in a system that does not allow this control, or if it appears in other than the main program unit.


2.181 Pragma Title

Syntax:

pragma Title (TITLING_OPTION [, TITLING OPTION]);

TITLING_OPTION ::=
  [Title    =>] STRING_LITERAL,
| [Subtitle =>] STRING_LITERAL

Syntax checked but otherwise ignored by GNAT. This is a listing control pragma used in DEC Ada 83 implementations to provide a title and/or subtitle for the program listing. The program listing generated by GNAT does not have titles or subtitles.

Unlike other pragmas, the full flexibility of named notation is allowed for this pragma, i.e., the parameters may be given in any order if named notation is used, and named and positional notation can be mixed following the normal rules for procedure calls in Ada.


2.182 Pragma Type_Invariant

Syntax:

pragma Type_Invariant
  ([Entity =>] type_LOCAL_NAME,
   [Check  =>] EXPRESSION);

The Type_Invariant pragma is intended to be an exact replacement for the language-defined Type_Invariant aspect, and shares its restrictions and semantics. It differs from the language defined Invariant pragma in that it does not permit a string parameter, and it is controlled by the assertion identifier Type_Invariant rather than Invariant.


2.183 Pragma Type_Invariant_Class

Syntax:

pragma Type_Invariant_Class
  ([Entity =>] type_LOCAL_NAME,
   [Check  =>] EXPRESSION);

The Type_Invariant_Class pragma is intended to be an exact replacement for the language-defined Type_Invariant'Class aspect, and shares its restrictions and semantics.

Note: This pragma is called Type_Invariant_Class rather than Type_Invariant'Class because the latter would not be strictly conforming to the allowed syntax for pragmas. The motivation for providing pragmas equivalent to the aspects is to allow a program to be written using the pragmas, and then compiled if necessary using an Ada compiler that does not recognize the pragmas or aspects, but is prepared to ignore the pragmas. The assertion policy that controls this pragma is Type_Invariant'Class, not Type_Invariant_Class.


2.184 Pragma Unchecked_Union

Syntax:

pragma Unchecked_Union (first_subtype_LOCAL_NAME);

This pragma is used to specify a representation of a record type that is equivalent to a C union. It was introduced as a GNAT implementation defined pragma in the GNAT Ada 95 mode. Ada 2005 includes an extended version of this pragma, making it language defined, and GNAT fully implements this extended version in all language modes (Ada 83, Ada 95, and Ada 2005). For full details, consult the Ada 2012 Reference Manual, section B.3.3.


2.185 Pragma Unevaluated_Use_Of_Old

Syntax:

pragma Unevaluated_Use_Of_Old (Error | Warn | Allow);

This pragma controls the processing of attributes Old and Loop_Entry. If either of these attributes is used in a potentially unevaluated expression (e.g. the then or else parts of an if expression), then normally this usage is considered illegal if the prefix of the attribute is other than an entity name. The language requires this behavior for Old, and GNAT copies the same rule for Loop_Entry.

The reason for this rule is that otherwise, we can have a situation where we save the Old value, and this results in an exception, even though we might not evaluate the attribute. Consider this example:

package UnevalOld is
   K : Character;
   procedure U (A : String; C : Boolean)  -- ERROR
     with Post => (if C then A(1)'Old = K else True);
end;

If procedure U is called with a string with a lower bound of 2, and C false, then an exception would be raised trying to evaluate A(1) on entry even though the value would not be actually used.

Although the rule guarantees against this possibility, it is sometimes too restrictive. For example if we know that the string has a lower bound of 1, then we will never raise an exception. The pragma Unevaluated_Use_Of_Old can be used to modify this behavior. If the argument is Error then an error is given (this is the default RM behavior). If the argument is Warn then the usage is allowed as legal but with a warning that an exception might be raised. If the argument is Allow then the usage is allowed as legal without generating a warning.

This pragma may appear as a configuration pragma, or in a declarative part or package specification. In the latter case it applies to uses up to the end of the corresponding statement sequence or sequence of package declarations.


2.186 Pragma Unimplemented_Unit

Syntax:

pragma Unimplemented_Unit;

If this pragma occurs in a unit that is processed by the compiler, GNAT aborts with the message xxx not implemented, where xxx is the name of the current compilation unit. This pragma is intended to allow the compiler to handle unimplemented library units in a clean manner.

The abort only happens if code is being generated. Thus you can use specs of unimplemented packages in syntax or semantic checking mode.


2.187 Pragma Universal_Aliasing

Syntax:

pragma Universal_Aliasing [([Entity =>] type_LOCAL_NAME)];

type_LOCAL_NAME must refer to a type declaration in the current declarative part. The effect is to inhibit strict type-based aliasing optimization for the given type. In other words, the effect is as though access types designating this type were subject to pragma No_Strict_Aliasing. For a detailed description of the strict aliasing optimization, and the situations in which it must be suppressed, see the section on Optimization and Strict Aliasing in the GNAT User’s Guide.


2.188 Pragma Universal_Data

Syntax:

pragma Universal_Data [(library_unit_Name)];

This pragma is supported only for the AAMP target and is ignored for other targets. The pragma specifies that all library-level objects (Counter 0 data) associated with the library unit are to be accessed and updated using universal addressing (24-bit addresses for AAMP5) rather than the default of 16-bit Data Environment (DENV) addressing. Use of this pragma will generally result in less efficient code for references to global data associated with the library unit, but allows such data to be located anywhere in memory. This pragma is a library unit pragma, but can also be used as a configuration pragma (including use in the gnat.adc file). The functionality of this pragma is also available by applying the -univ switch on the compilations of units where universal addressing of the data is desired.


2.189 Pragma Unmodified

Syntax:

pragma Unmodified (LOCAL_NAME {, LOCAL_NAME});

This pragma signals that the assignable entities (variables, out parameters, in out parameters) whose names are listed are deliberately not assigned in the current source unit. This suppresses warnings about the entities being referenced but not assigned, and in addition a warning will be generated if one of these entities is in fact assigned in the same unit as the pragma (or in the corresponding body, or one of its subunits).

This is particularly useful for clearly signaling that a particular parameter is not modified, even though the spec suggests that it might be.

For the variable case, warnings are never given for unreferenced variables whose name contains one of the substrings DISCARD, DUMMY, IGNORE, JUNK, UNUSED in any casing. Such names are typically to be used in cases where such warnings are expected. Thus it is never necessary to use pragma Unmodified for such variables, though it is harmless to do so.


2.190 Pragma Unreferenced

Syntax:

pragma Unreferenced (LOCAL_NAME {, LOCAL_NAME});
pragma Unreferenced (library_unit_NAME {, library_unit_NAME});

This pragma signals that the entities whose names are listed are deliberately not referenced in the current source unit after the occurrence of the pragma. This suppresses warnings about the entities being unreferenced, and in addition a warning will be generated if one of these entities is in fact subsequently referenced in the same unit as the pragma (or in the corresponding body, or one of its subunits).

This is particularly useful for clearly signaling that a particular parameter is not referenced in some particular subprogram implementation and that this is deliberate. It can also be useful in the case of objects declared only for their initialization or finalization side effects.

If LOCAL_NAME identifies more than one matching homonym in the current scope, then the entity most recently declared is the one to which the pragma applies. Note that in the case of accept formals, the pragma Unreferenced may appear immediately after the keyword do which allows the indication of whether or not accept formals are referenced or not to be given individually for each accept statement.

The left hand side of an assignment does not count as a reference for the purpose of this pragma. Thus it is fine to assign to an entity for which pragma Unreferenced is given.

Note that if a warning is desired for all calls to a given subprogram, regardless of whether they occur in the same unit as the subprogram declaration, then this pragma should not be used (calls from another unit would not be flagged); pragma Obsolescent can be used instead for this purpose, see Pragma Obsolescent.

The second form of pragma Unreferenced is used within a context clause. In this case the arguments must be unit names of units previously mentioned in with clauses (similar to the usage of pragma Elaborate_All. The effect is to suppress warnings about unreferenced units and unreferenced entities within these units.

For the variable case, warnings are never given for unreferenced variables whose name contains one of the substrings DISCARD, DUMMY, IGNORE, JUNK, UNUSED in any casing. Such names are typically to be used in cases where such warnings are expected. Thus it is never necessary to use pragma Unreferenced for such variables, though it is harmless to do so.


2.191 Pragma Unreferenced_Objects

Syntax:

pragma Unreferenced_Objects (local_subtype_NAME {, local_subtype_NAME});

This pragma signals that for the types or subtypes whose names are listed, objects which are declared with one of these types or subtypes may not be referenced, and if no references appear, no warnings are given.

This is particularly useful for objects which are declared solely for their initialization and finalization effect. Such variables are sometimes referred to as RAII variables (Resource Acquisition Is Initialization). Using this pragma on the relevant type (most typically a limited controlled type), the compiler will automatically suppress unwanted warnings about these variables not being referenced.


2.192 Pragma Unreserve_All_Interrupts

Syntax:

pragma Unreserve_All_Interrupts;

Normally certain interrupts are reserved to the implementation. Any attempt to attach an interrupt causes Program_Error to be raised, as described in RM C.3.2(22). A typical example is the SIGINT interrupt used in many systems for a Ctrl-C interrupt. Normally this interrupt is reserved to the implementation, so that Ctrl-C can be used to interrupt execution.

If the pragma Unreserve_All_Interrupts appears anywhere in any unit in a program, then all such interrupts are unreserved. This allows the program to handle these interrupts, but disables their standard functions. For example, if this pragma is used, then pressing Ctrl-C will not automatically interrupt execution. However, a program can then handle the SIGINT interrupt as it chooses.

For a full list of the interrupts handled in a specific implementation, see the source code for the spec of Ada.Interrupts.Names in file a-intnam.ads. This is a target dependent file that contains the list of interrupts recognized for a given target. The documentation in this file also specifies what interrupts are affected by the use of the Unreserve_All_Interrupts pragma.

For a more general facility for controlling what interrupts can be handled, see pragma Interrupt_State, which subsumes the functionality of the Unreserve_All_Interrupts pragma.


2.193 Pragma Unsuppress

Syntax:

pragma Unsuppress (IDENTIFIER [, [On =>] NAME]);

This pragma undoes the effect of a previous pragma Suppress. If there is no corresponding pragma Suppress in effect, it has no effect. The range of the effect is the same as for pragma Suppress. The meaning of the arguments is identical to that used in pragma Suppress.

One important application is to ensure that checks are on in cases where code depends on the checks for its correct functioning, so that the code will compile correctly even if the compiler switches are set to suppress checks. For example, in a program that depends on external names of tagged types and wants to ensure that the duplicated tag check occurs even if all run-time checks are suppressed by a compiler switch, the following configuration pragma will ensure this test is not suppressed:

pragma Unsuppress (Duplicated_Tag_Check);

This pragma is standard in Ada 2005. It is available in all earlier versions of Ada as an implementation-defined pragma.

Note that in addition to the checks defined in the Ada RM, GNAT recogizes a number of implementation-defined check names. See the description of pragma Suppress for full details.


2.194 Pragma Use_VADS_Size

Syntax:

pragma Use_VADS_Size;

This is a configuration pragma. In a unit to which it applies, any use of the ’Size attribute is automatically interpreted as a use of the ’VADS_Size attribute. Note that this may result in incorrect semantic processing of valid Ada 95 or Ada 2005 programs. This is intended to aid in the handling of existing code which depends on the interpretation of Size as implemented in the VADS compiler. See description of the VADS_Size attribute for further details.


2.195 Pragma Unused

Syntax:

pragma Unused (LOCAL_NAME {, LOCAL_NAME});

This pragma signals that the assignable entities (variables, out parameters, and in out parameters) whose names are listed deliberately do not get assigned or referenced in the current source unit after the occurrence of the pragma in the current source unit. This suppresses warnings about the entities that are unreferenced and/or not assigned, and, in addition, a warning will be generated if one of these entities gets assigned or subsequently referenced in the same unit as the pragma (in the corresponding body or one of its subunits).

This is particularly useful for clearly signaling that a particular parameter is not modified or referenced, even though the spec suggests that it might be.

For the variable case, warnings are never given for unreferenced variables whose name contains one of the substrings DISCARD, DUMMY, IGNORE, JUNK, UNUSED in any casing. Such names are typically to be used in cases where such warnings are expected. Thus it is never necessary to use pragma Unmodified for such variables, though it is harmless to do so.


2.196 Pragma Validity_Checks

Syntax:

pragma Validity_Checks (string_LITERAL | ALL_CHECKS | On | Off);

This pragma is used in conjunction with compiler switches to control the built-in validity checking provided by GNAT. The compiler switches, if set provide an initial setting for the switches, and this pragma may be used to modify these settings, or the settings may be provided entirely by the use of the pragma. This pragma can be used anywhere that a pragma is legal, including use as a configuration pragma (including use in the gnat.adc file).

The form with a string literal specifies which validity options are to be activated. The validity checks are first set to include only the default reference manual settings, and then a string of letters in the string specifies the exact set of options required. The form of this string is exactly as described for the `-gnatVx' compiler switch (see the GNAT User’s Guide for details). For example the following two methods can be used to enable validity checking for mode in and in out subprogram parameters:

  • *
    pragma Validity_Checks ("im");
    
  • *
    $ gcc -c -gnatVim ...
    

The form ALL_CHECKS activates all standard checks (its use is equivalent to the use of the gnatVa switch).

The forms with Off and On can be used to temporarily disable validity checks as shown in the following example:

pragma Validity_Checks ("c"); -- validity checks for copies
pragma Validity_Checks (Off); -- turn off validity checks
A := B;                       -- B will not be validity checked
pragma Validity_Checks (On);  -- turn validity checks back on
A := C;                       -- C will be validity checked

2.197 Pragma Volatile

Syntax:

pragma Volatile (LOCAL_NAME);

This pragma is defined by the Ada Reference Manual, and the GNAT implementation is fully conformant with this definition. The reason it is mentioned in this section is that a pragma of the same name was supplied in some Ada 83 compilers, including DEC Ada 83. The Ada 95 / Ada 2005 implementation of pragma Volatile is upwards compatible with the implementation in DEC Ada 83.


2.198 Pragma Volatile_Full_Access

Syntax:

pragma Volatile_Full_Access (LOCAL_NAME);

This is similar in effect to pragma Volatile, except that any reference to the object is guaranteed to be done only with instructions that read or write all the bits of the object. Furthermore, if the object is of a composite type, then any reference to a subcomponent of the object is guaranteed to read and/or write all the bits of the object.

The intention is that this be suitable for use with memory-mapped I/O devices on some machines. Note that there are two important respects in which this is different from pragma Atomic. First a reference to a Volatile_Full_Access object is not a sequential action in the RM 9.10 sense and, therefore, does not create a synchronization point. Second, in the case of pragma Atomic, there is no guarantee that all the bits will be accessed if the reference is not to the whole object; the compiler is allowed (and generally will) access only part of the object in this case.


2.199 Pragma Volatile_Function

Syntax:

pragma Volatile_Function [ (boolean_EXPRESSION) ];

For the semantics of this pragma, see the entry for aspect Volatile_Function in the SPARK 2014 Reference Manual, section 7.1.2.


2.200 Pragma Warning_As_Error

Syntax:

pragma Warning_As_Error (static_string_EXPRESSION);

This configuration pragma allows the programmer to specify a set of warnings that will be treated as errors. Any warning that matches the pattern given by the pragma argument will be treated as an error. This gives more precise control than -gnatwe, which treats warnings as errors.

This pragma can apply to regular warnings (messages enabled by -gnatw) and to style warnings (messages that start with "(style)", enabled by -gnaty).

The pattern may contain asterisks, which match zero or more characters in the message. For example, you can use pragma Warning_As_Error ("bits of*unused") to treat the warning message warning: 960 bits of "a" unused as an error. All characters other than asterisk are treated as literal characters in the match. The match is case insensitive; for example XYZ matches xyz.

Note that the pattern matches if it occurs anywhere within the warning message string (it is not necessary to put an asterisk at the start and the end of the message, since this is implied).

Another possibility for the static_string_EXPRESSION which works whether or not error tags are enabled (`-gnatw.d') is to use a single `-gnatw' tag string, enclosed in brackets, as shown in the example below, to treat one category of warnings as errors. Note that if you want to treat multiple categories of warnings as errors, you can use multiple pragma Warning_As_Error.

The above use of patterns to match the message applies only to warning messages generated by the front end. This pragma can also be applied to warnings provided by the back end and mentioned in Pragma Warnings. By using a single full `-Wxxx' switch in the pragma, such warnings can also be treated as errors.

The pragma can appear either in a global configuration pragma file (e.g. gnat.adc), or at the start of a file. Given a global configuration pragma file containing:

pragma Warning_As_Error ("[-gnatwj]");

which will treat all obsolescent feature warnings as errors, the following program compiles as shown (compile options here are `-gnatwa.d -gnatl -gnatj55').

    1. pragma Warning_As_Error ("*never assigned*");
    2. function Warnerr return String is
    3.    X : Integer;
          |
       >>> error: variable "X" is never read and
           never assigned [-gnatwv] [warning-as-error]

    4.    Y : Integer;
          |
       >>> warning: variable "Y" is assigned but
           never read [-gnatwu]

    5. begin
    6.    Y := 0;
    7.    return %ABC%;
                 |
       >>> error: use of "%" is an obsolescent
           feature (RM J.2(4)), use """ instead
           [-gnatwj] [warning-as-error]

    8. end;

8 lines: No errors, 3 warnings (2 treated as errors)

Note that this pragma does not affect the set of warnings issued in any way, it merely changes the effect of a matching warning if one is produced as a result of other warnings options. As shown in this example, if the pragma results in a warning being treated as an error, the tag is changed from "warning:" to "error:" and the string "[warning-as-error]" is appended to the end of the message.


2.201 Pragma Warnings

Syntax:

pragma Warnings ([TOOL_NAME,] DETAILS [, REASON]);

DETAILS ::= On | Off
DETAILS ::= On | Off, local_NAME
DETAILS ::= static_string_EXPRESSION
DETAILS ::= On | Off, static_string_EXPRESSION

TOOL_NAME ::= GNAT | GNATprove

REASON ::= Reason => STRING_LITERAL {& STRING_LITERAL}

Note: in Ada 83 mode, a string literal may be used in place of a static string expression (which does not exist in Ada 83).

Note if the second argument of DETAILS is a local_NAME then the second form is always understood. If the intention is to use the fourth form, then you can write NAME & "" to force the intepretation as a `static_string_EXPRESSION'.

Note: if the first argument is a valid TOOL_NAME, it will be interpreted that way. The use of the TOOL_NAME argument is relevant only to users of SPARK and GNATprove, see last part of this section for details.

Normally warnings are enabled, with the output being controlled by the command line switch. Warnings (Off) turns off generation of warnings until a Warnings (On) is encountered or the end of the current unit. If generation of warnings is turned off using this pragma, then some or all of the warning messages are suppressed, regardless of the setting of the command line switches.

The Reason parameter may optionally appear as the last argument in any of the forms of this pragma. It is intended purely for the purposes of documenting the reason for the Warnings pragma. The compiler will check that the argument is a static string but otherwise ignore this argument. Other tools may provide specialized processing for this string.

The form with a single argument (or two arguments if Reason present), where the first argument is ON or OFF may be used as a configuration pragma.

If the LOCAL_NAME parameter is present, warnings are suppressed for the specified entity. This suppression is effective from the point where it occurs till the end of the extended scope of the variable (similar to the scope of Suppress). This form cannot be used as a configuration pragma.

In the case where the first argument is other than ON or OFF, the third form with a single static_string_EXPRESSION argument (and possible reason) provides more precise control over which warnings are active. The string is a list of letters specifying which warnings are to be activated and which deactivated. The code for these letters is the same as the string used in the command line switch controlling warnings. For a brief summary, use the gnatmake command with no arguments, which will generate usage information containing the list of warnings switches supported. For full details see the section on Warning Message Control in the GNAT User’s Guide. This form can also be used as a configuration pragma.

The warnings controlled by the -gnatw switch are generated by the front end of the compiler. The GCC back end can provide additional warnings and they are controlled by the -W switch. Such warnings can be identified by the appearance of a string of the form [-W{xxx}] in the message which designates the -W`xxx' switch that controls the message. The form with a single `static_string_EXPRESSION' argument also works for these warnings, but the string must be a single full -W`xxx' switch in this case. The above reference lists a few examples of these additional warnings.

The specified warnings will be in effect until the end of the program or another pragma Warnings is encountered. The effect of the pragma is cumulative. Initially the set of warnings is the standard default set as possibly modified by compiler switches. Then each pragma Warning modifies this set of warnings as specified. This form of the pragma may also be used as a configuration pragma.

The fourth form, with an On|Off parameter and a string, is used to control individual messages, based on their text. The string argument is a pattern that is used to match against the text of individual warning messages (not including the initial "warning: " tag).

The pattern may contain asterisks, which match zero or more characters in the message. For example, you can use pragma Warnings (Off, "bits of*unused") to suppress the warning message warning: 960 bits of "a" unused. No other regular expression notations are permitted. All characters other than asterisk in these three specific cases are treated as literal characters in the match. The match is case insensitive, for example XYZ matches xyz.

Note that the pattern matches if it occurs anywhere within the warning message string (it is not necessary to put an asterisk at the start and the end of the message, since this is implied).

The above use of patterns to match the message applies only to warning messages generated by the front end. This form of the pragma with a string argument can also be used to control warnings provided by the back end and mentioned above. By using a single full -W`xxx' switch in the pragma, such warnings can be turned on and off.

There are two ways to use the pragma in this form. The OFF form can be used as a configuration pragma. The effect is to suppress all warnings (if any) that match the pattern string throughout the compilation (or match the -W switch in the back end case).

The second usage is to suppress a warning locally, and in this case, two pragmas must appear in sequence:

pragma Warnings (Off, Pattern);
... code where given warning is to be suppressed
pragma Warnings (On, Pattern);

In this usage, the pattern string must match in the Off and On pragmas, and (if `-gnatw.w' is given) at least one matching warning must be suppressed.

Note: if the ON form is not found, then the effect of the OFF form extends until the end of the file (pragma Warnings is purely textual, so its effect does not stop at the end of the enclosing scope).

Note: to write a string that will match any warning, use the string "***". It will not work to use a single asterisk or two asterisks since this looks like an operator name. This form with three asterisks is similar in effect to specifying pragma Warnings (Off) except (if -gnatw.w is given) that a matching pragma Warnings (On, "***") will be required. This can be helpful in avoiding forgetting to turn warnings back on.

Note: the debug flag -gnatd.i can be used to cause the compiler to entirely ignore all WARNINGS pragmas. This can be useful in checking whether obsolete pragmas in existing programs are hiding real problems.

Note: pragma Warnings does not affect the processing of style messages. See separate entry for pragma Style_Checks for control of style messages.

Users of the formal verification tool GNATprove for the SPARK subset of Ada may use the version of the pragma with a TOOL_NAME parameter.

If present, TOOL_NAME is the name of a tool, currently either GNAT for the compiler or GNATprove for the formal verification tool. A given tool only takes into account pragma Warnings that do not specify a tool name, or that specify the matching tool name. This makes it possible to disable warnings selectively for each tool, and as a consequence to detect useless pragma Warnings with switch -gnatw.w.


2.202 Pragma Weak_External

Syntax:

pragma Weak_External ([Entity =>] LOCAL_NAME);

LOCAL_NAME must refer to an object that is declared at the library level. This pragma specifies that the given entity should be marked as a weak symbol for the linker. It is equivalent to __attribute__((weak)) in GNU C and causes LOCAL_NAME to be emitted as a weak symbol instead of a regular symbol, that is to say a symbol that does not have to be resolved by the linker if used in conjunction with a pragma Import.

When a weak symbol is not resolved by the linker, its address is set to zero. This is useful in writing interfaces to external modules that may or may not be linked in the final executable, for example depending on configuration settings.

If a program references at run time an entity to which this pragma has been applied, and the corresponding symbol was not resolved at link time, then the execution of the program is erroneous. It is not erroneous to take the Address of such an entity, for example to guard potential references, as shown in the example below.

Some file formats do not support weak symbols so not all target machines support this pragma.

--  Example of the use of pragma Weak_External

package External_Module is
  key : Integer;
  pragma Import (C, key);
  pragma Weak_External (key);
  function Present return boolean;
end External_Module;

with System; use System;
package body External_Module is
  function Present return boolean is
  begin
    return key'Address /= System.Null_Address;
  end Present;
end External_Module;

2.203 Pragma Wide_Character_Encoding

Syntax:

pragma Wide_Character_Encoding (IDENTIFIER | CHARACTER_LITERAL);

This pragma specifies the wide character encoding to be used in program source text appearing subsequently. It is a configuration pragma, but may also be used at any point that a pragma is allowed, and it is permissible to have more than one such pragma in a file, allowing multiple encodings to appear within the same file.

However, note that the pragma cannot immediately precede the relevant wide character, because then the previous encoding will still be in effect, causing "illegal character" errors.

The argument can be an identifier or a character literal. In the identifier case, it is one of HEX, UPPER, SHIFT_JIS, EUC, UTF8, or BRACKETS. In the character literal case it is correspondingly one of the characters h, u, s, e, 8, or b.

Note that when the pragma is used within a file, it affects only the encoding within that file, and does not affect withed units, specs, or subunits.


3 Implementation Defined Aspects

Ada defines (throughout the Ada 2012 reference manual, summarized in Annex K) a set of aspects that can be specified for certain entities. These language defined aspects are implemented in GNAT in Ada 2012 mode and work as described in the Ada 2012 Reference Manual.

In addition, Ada 2012 allows implementations to define additional aspects whose meaning is defined by the implementation. GNAT provides a number of these implementation-defined aspects which can be used to extend and enhance the functionality of the compiler. This section of the GNAT reference manual describes these additional aspects.

Note that any program using these aspects may not be portable to other compilers (although GNAT implements this set of aspects on all platforms). Therefore if portability to other compilers is an important consideration, you should minimize the use of these aspects.

Note that for many of these aspects, the effect is essentially similar to the use of a pragma or attribute specification with the same name applied to the entity. For example, if we write:

type R is range 1 .. 100
  with Value_Size => 10;

then the effect is the same as:

type R is range 1 .. 100;
for R'Value_Size use 10;

and if we write:

type R is new Integer
  with Shared => True;

then the effect is the same as:

type R is new Integer;
pragma Shared (R);

In the documentation below, such cases are simply marked as being boolean aspects equivalent to the corresponding pragma or attribute definition clause.


3.1 Aspect Abstract_State

This aspect is equivalent to pragma Abstract_State.


3.2 Aspect Annotate

There are three forms of this aspect (where ID is an identifier, and ARG is a general expression), corresponding to pragma Annotate.

`Annotate => ID'

Equivalent to pragma Annotate (ID, Entity => Name);

`Annotate => (ID)'

Equivalent to pragma Annotate (ID, Entity => Name);

`Annotate => (ID ,ID {, ARG})'

Equivalent to pragma Annotate (ID, ID {, ARG}, Entity => Name);


3.3 Aspect Async_Readers

This boolean aspect is equivalent to pragma Async_Readers.


3.4 Aspect Async_Writers

This boolean aspect is equivalent to pragma Async_Writers.


3.5 Aspect Constant_After_Elaboration

This aspect is equivalent to pragma Constant_After_Elaboration.


3.6 Aspect Contract_Cases

This aspect is equivalent to pragma Contract_Cases, the sequence of clauses being enclosed in parentheses so that syntactically it is an aggregate.


3.7 Aspect Depends

This aspect is equivalent to pragma Depends.


3.8 Aspect Default_Initial_Condition

This aspect is equivalent to pragma Default_Initial_Condition.


3.9 Aspect Dimension

The Dimension aspect is used to specify the dimensions of a given subtype of a dimensioned numeric type. The aspect also specifies a symbol used when doing formatted output of dimensioned quantities. The syntax is:

with Dimension =>
  ([Symbol =>] SYMBOL, DIMENSION_VALUE {, DIMENSION_Value})

SYMBOL ::= STRING_LITERAL | CHARACTER_LITERAL

DIMENSION_VALUE ::=
  RATIONAL
| others               => RATIONAL
| DISCRETE_CHOICE_LIST => RATIONAL

RATIONAL ::= [-] NUMERIC_LITERAL [/ NUMERIC_LITERAL]

This aspect can only be applied to a subtype whose parent type has a Dimension_System aspect. The aspect must specify values for all dimensions of the system. The rational values are the powers of the corresponding dimensions that are used by the compiler to verify that physical (numeric) computations are dimensionally consistent. For example, the computation of a force must result in dimensions (L => 1, M => 1, T => -2). For further examples of the usage of this aspect, see package System.Dim.Mks. Note that when the dimensioned type is an integer type, then any dimension value must be an integer literal.


3.10 Aspect Dimension_System

The Dimension_System aspect is used to define a system of dimensions that will be used in subsequent subtype declarations with Dimension aspects that reference this system. The syntax is:

with Dimension_System => (DIMENSION {, DIMENSION});

DIMENSION ::= ([Unit_Name   =>] IDENTIFIER,
               [Unit_Symbol =>] SYMBOL,
               [Dim_Symbol  =>] SYMBOL)

SYMBOL ::= CHARACTER_LITERAL | STRING_LITERAL

This aspect is applied to a type, which must be a numeric derived type (typically a floating-point type), that will represent values within the dimension system. Each DIMENSION corresponds to one particular dimension. A maximum of 7 dimensions may be specified. Unit_Name is the name of the dimension (for example Meter). Unit_Symbol is the shorthand used for quantities of this dimension (for example m for Meter). Dim_Symbol gives the identification within the dimension system (typically this is a single letter, e.g. L standing for length for unit name Meter). The Unit_Symbol is used in formatted output of dimensioned quantities. The Dim_Symbol is used in error messages when numeric operations have inconsistent dimensions.

GNAT provides the standard definition of the International MKS system in the run-time package System.Dim.Mks. You can easily define similar packages for cgs units or British units, and define conversion factors between values in different systems. The MKS system is characterized by the following aspect:

type Mks_Type is new Long_Long_Float with
  Dimension_System => (
    (Unit_Name => Meter,    Unit_Symbol => 'm',   Dim_Symbol => 'L'),
    (Unit_Name => Kilogram, Unit_Symbol => "kg",  Dim_Symbol => 'M'),
    (Unit_Name => Second,   Unit_Symbol => 's',   Dim_Symbol => 'T'),
    (Unit_Name => Ampere,   Unit_Symbol => 'A',   Dim_Symbol => 'I'),
    (Unit_Name => Kelvin,   Unit_Symbol => 'K',   Dim_Symbol => '@'),
    (Unit_Name => Mole,     Unit_Symbol => "mol", Dim_Symbol => 'N'),
    (Unit_Name => Candela,  Unit_Symbol => "cd",  Dim_Symbol => 'J'));

Note that in the above type definition, we use the at symbol (@) to represent a theta character (avoiding the use of extended Latin-1 characters in this context).

See section ’Performing Dimensionality Analysis in GNAT’ in the GNAT Users Guide for detailed examples of use of the dimension system.


3.11 Aspect Disable_Controlled

The aspect Disable_Controlled is defined for controlled record types. If active, this aspect causes suppression of all related calls to Initialize, Adjust, and Finalize. The intended use is for conditional compilation, where for example you might want a record to be controlled or not depending on whether some run-time check is enabled or suppressed.


3.12 Aspect Effective_Reads

This aspect is equivalent to pragma Effective_Reads.


3.13 Aspect Effective_Writes

This aspect is equivalent to pragma Effective_Writes.


3.14 Aspect Extensions_Visible

This aspect is equivalent to pragma Extensions_Visible.


3.15 Aspect Favor_Top_Level

This boolean aspect is equivalent to pragma Favor_Top_Level.


3.16 Aspect Ghost

This aspect is equivalent to pragma Ghost.


3.17 Aspect Global

This aspect is equivalent to pragma Global.


3.18 Aspect Initial_Condition

This aspect is equivalent to pragma Initial_Condition.


3.19 Aspect Initializes

This aspect is equivalent to pragma Initializes.


3.20 Aspect Inline_Always

This boolean aspect is equivalent to pragma Inline_Always.


3.21 Aspect Invariant

This aspect is equivalent to pragma Invariant. It is a synonym for the language defined aspect Type_Invariant except that it is separately controllable using pragma Assertion_Policy.


3.22 Aspect Invariant’Class

This aspect is equivalent to pragma Type_Invariant_Class. It is a synonym for the language defined aspect Type_Invariant'Class except that it is separately controllable using pragma Assertion_Policy.


3.23 Aspect Iterable

This aspect provides a light-weight mechanism for loops and quantified expressions over container types, without the overhead imposed by the tampering checks of standard Ada 2012 iterators. The value of the aspect is an aggregate with six named components, of which the last three are optional: First, Next, Has_Element, Element, Last, and Previous. When only the first three components are specified, only the for .. in form of iteration over cursors is available. When Element is specified, both this form and the for .. of form of iteration over elements are available. If the last two components are specified, reverse iterations over the container can be specified (analogous to what can be done over predefined containers that support the Reverse_Iterator interface). The following is a typical example of use:

type List is private with
    Iterable => (First        => First_Cursor,
                 Next         => Advance,
                 Has_Element  => Cursor_Has_Element,
                [Element      => Get_Element]);
  • * The value denoted by First must denote a primitive operation of the container type that returns a Cursor, which must a be a type declared in the container package or visible from it. For example:
function First_Cursor (Cont : Container) return Cursor;
  • * The value of Next is a primitive operation of the container type that takes both a container and a cursor and yields a cursor. For example:
function Advance (Cont : Container; Position : Cursor) return Cursor;
  • * The value of Has_Element is a primitive operation of the container type that takes both a container and a cursor and yields a boolean. For example:
function Cursor_Has_Element (Cont : Container; Position : Cursor) return Boolean;
  • * The value of Element is a primitive operation of the container type that takes both a container and a cursor and yields an Element_Type, which must be a type declared in the container package or visible from it. For example:
function Get_Element (Cont : Container; Position : Cursor) return Element_Type;

This aspect is used in the GNAT-defined formal container packages.


3.24 Aspect Linker_Section

This aspect is equivalent to pragma Linker_Section.


3.25 Aspect Lock_Free

This boolean aspect is equivalent to pragma Lock_Free.


3.26 Aspect Max_Queue_Length

This aspect is equivalent to pragma Max_Queue_Length.


3.27 Aspect No_Caching

This boolean aspect is equivalent to pragma No_Caching.


3.28 Aspect No_Elaboration_Code_All

This aspect is equivalent to pragma No_Elaboration_Code_All for a program unit.


3.29 Aspect No_Inline

This boolean aspect is equivalent to pragma No_Inline.


3.30 Aspect No_Tagged_Streams

This aspect is equivalent to pragma No_Tagged_Streams with an argument specifying a root tagged type (thus this aspect can only be applied to such a type).


3.31 Aspect Object_Size

This aspect is equivalent to attribute Object_Size.


3.32 Aspect Obsolescent

This aspect is equivalent to pragma Obsolescent. Note that the evaluation of this aspect happens at the point of occurrence, it is not delayed until the freeze point.


3.33 Aspect Part_Of

This aspect is equivalent to pragma Part_Of.


3.34 Aspect Persistent_BSS

This boolean aspect is equivalent to pragma Persistent_BSS.


3.35 Aspect Predicate

This aspect is equivalent to pragma Predicate. It is thus similar to the language defined aspects Dynamic_Predicate and Static_Predicate except that whether the resulting predicate is static or dynamic is controlled by the form of the expression. It is also separately controllable using pragma Assertion_Policy.


3.36 Aspect Pure_Function

This boolean aspect is equivalent to pragma Pure_Function.


3.37 Aspect Refined_Depends

This aspect is equivalent to pragma Refined_Depends.


3.38 Aspect Refined_Global

This aspect is equivalent to pragma Refined_Global.


3.39 Aspect Refined_Post

This aspect is equivalent to pragma Refined_Post.


3.40 Aspect Refined_State

This aspect is equivalent to pragma Refined_State.


3.41 Aspect Relaxed_Initialization

For the syntax and semantics of this aspect, see the SPARK 2014 Reference Manual, section 6.10.


3.42 Aspect Remote_Access_Type

This aspect is equivalent to pragma Remote_Access_Type.


3.43 Aspect Secondary_Stack_Size

This aspect is equivalent to pragma Secondary_Stack_Size.


3.44 Aspect Scalar_Storage_Order

This aspect is equivalent to a attribute Scalar_Storage_Order.


3.45 Aspect Shared

This boolean aspect is equivalent to pragma Shared and is thus a synonym for aspect Atomic.


3.46 Aspect Simple_Storage_Pool

This aspect is equivalent to attribute Simple_Storage_Pool.


3.47 Aspect Simple_Storage_Pool_Type

This boolean aspect is equivalent to pragma Simple_Storage_Pool_Type.


3.48 Aspect SPARK_Mode

This aspect is equivalent to pragma SPARK_Mode and may be specified for either or both of the specification and body of a subprogram or package.


3.49 Aspect Suppress_Debug_Info

This boolean aspect is equivalent to pragma Suppress_Debug_Info.


3.50 Aspect Suppress_Initialization

This boolean aspect is equivalent to pragma Suppress_Initialization.


3.51 Aspect Test_Case

This aspect is equivalent to pragma Test_Case.


3.52 Aspect Thread_Local_Storage

This boolean aspect is equivalent to pragma Thread_Local_Storage.


3.53 Aspect Universal_Aliasing

This boolean aspect is equivalent to pragma Universal_Aliasing.


3.54 Aspect Universal_Data

This aspect is equivalent to pragma Universal_Data.


3.55 Aspect Unmodified

This boolean aspect is equivalent to pragma Unmodified.


3.56 Aspect Unreferenced

This boolean aspect is equivalent to pragma Unreferenced.

When using the -gnat2020 switch, this aspect is also supported on formal parameters, which is in particular the only form possible for expression functions.


3.57 Aspect Unreferenced_Objects

This boolean aspect is equivalent to pragma Unreferenced_Objects.


3.58 Aspect Value_Size

This aspect is equivalent to attribute Value_Size.


3.59 Aspect Volatile_Full_Access

This boolean aspect is equivalent to pragma Volatile_Full_Access.


3.60 Aspect Volatile_Function

This boolean aspect is equivalent to pragma Volatile_Function.


3.61 Aspect Warnings

This aspect is equivalent to the two argument form of pragma Warnings, where the first argument is ON or OFF and the second argument is the entity.


4 Implementation Defined Attributes

Ada defines (throughout the Ada reference manual, summarized in Annex K), a set of attributes that provide useful additional functionality in all areas of the language. These language defined attributes are implemented in GNAT and work as described in the Ada Reference Manual.

In addition, Ada allows implementations to define additional attributes whose meaning is defined by the implementation. GNAT provides a number of these implementation-dependent attributes which can be used to extend and enhance the functionality of the compiler. This section of the GNAT reference manual describes these additional attributes. It also describes additional implementation-dependent features of standard language-defined attributes.

Note that any program using these attributes may not be portable to other compilers (although GNAT implements this set of attributes on all platforms). Therefore if portability to other compilers is an important consideration, you should minimize the use of these attributes.


4.1 Attribute Abort_Signal

Standard'Abort_Signal (Standard is the only allowed prefix) provides the entity for the special exception used to signal task abort or asynchronous transfer of control. Normally this attribute should only be used in the tasking runtime (it is highly peculiar, and completely outside the normal semantics of Ada, for a user program to intercept the abort exception).


4.2 Attribute Address_Size

Standard'Address_Size (Standard is the only allowed prefix) is a static constant giving the number of bits in an Address. It is the same value as System.Address’Size, but has the advantage of being static, while a direct reference to System.Address’Size is nonstatic because Address is a private type.


4.3 Attribute Asm_Input

The Asm_Input attribute denotes a function that takes two parameters. The first is a string, the second is an expression of the type designated by the prefix. The first (string) argument is required to be a static expression, and is the constraint for the parameter, (e.g., what kind of register is required). The second argument is the value to be used as the input argument. The possible values for the constant are the same as those used in the RTL, and are dependent on the configuration file used to built the GCC back end. Machine Code Insertions


4.4 Attribute Asm_Output

The Asm_Output attribute denotes a function that takes two parameters. The first is a string, the second is the name of a variable of the type designated by the attribute prefix. The first (string) argument is required to be a static expression and designates the constraint for the parameter (e.g., what kind of register is required). The second argument is the variable to be updated with the result. The possible values for constraint are the same as those used in the RTL, and are dependent on the configuration file used to build the GCC back end. If there are no output operands, then this argument may either be omitted, or explicitly given as No_Output_Operands. Machine Code Insertions


4.5 Attribute Atomic_Always_Lock_Free

The prefix of the Atomic_Always_Lock_Free attribute is a type. The result is a Boolean value which is True if the type has discriminants, and False otherwise. The result indicate whether atomic operations are supported by the target for the given type.


4.6 Attribute Bit

obj'Bit, where obj is any object, yields the bit offset within the storage unit (byte) that contains the first bit of storage allocated for the object. The value of this attribute is of the type `universal_integer' and is always a nonnegative number smaller than System.Storage_Unit.

For an object that is a variable or a constant allocated in a register, the value is zero. (The use of this attribute does not force the allocation of a variable to memory).

For an object that is a formal parameter, this attribute applies to either the matching actual parameter or to a copy of the matching actual parameter.

For an access object the value is zero. Note that obj.all'Bit is subject to an Access_Check for the designated object. Similarly for a record component X.C'Bit is subject to a discriminant check and X(I).Bit and X(I1..I2)'Bit are subject to index checks.

This attribute is designed to be compatible with the DEC Ada 83 definition and implementation of the Bit attribute.


4.7 Attribute Bit_Position

R.C'Bit_Position, where R is a record object and C is one of the fields of the record type, yields the bit offset within the record contains the first bit of storage allocated for the object. The value of this attribute is of the type `universal_integer'. The value depends only on the field C and is independent of the alignment of the containing record R.


4.8 Attribute Code_Address

The 'Address attribute may be applied to subprograms in Ada 95 and Ada 2005, but the intended effect seems to be to provide an address value which can be used to call the subprogram by means of an address clause as in the following example:

procedure K is ...

procedure L;
for L'Address use K'Address;
pragma Import (Ada, L);

A call to L is then expected to result in a call to K. In Ada 83, where there were no access-to-subprogram values, this was a common work-around for getting the effect of an indirect call. GNAT implements the above use of Address and the technique illustrated by the example code works correctly.

However, for some purposes, it is useful to have the address of the start of the generated code for the subprogram. On some architectures, this is not necessarily the same as the Address value described above. For example, the Address value may reference a subprogram descriptor rather than the subprogram itself.

The 'Code_Address attribute, which can only be applied to subprogram entities, always returns the address of the start of the generated code of the specified subprogram, which may or may not be the same value as is returned by the corresponding 'Address attribute.


4.9 Attribute Compiler_Version

Standard'Compiler_Version (Standard is the only allowed prefix) yields a static string identifying the version of the compiler being used to compile the unit containing the attribute reference.


4.10 Attribute Constrained

In addition to the usage of this attribute in the Ada RM, GNAT also permits the use of the 'Constrained attribute in a generic template for any type, including types without discriminants. The value of this attribute in the generic instance when applied to a scalar type or a record type without discriminants is always True. This usage is compatible with older Ada compilers, including notably DEC Ada.


4.11 Attribute Default_Bit_Order

Standard'Default_Bit_Order (Standard is the only permissible prefix), provides the value System.Default_Bit_Order as a Pos value (0 for High_Order_First, 1 for Low_Order_First). This is used to construct the definition of Default_Bit_Order in package System.


4.12 Attribute Default_Scalar_Storage_Order

Standard'Default_Scalar_Storage_Order (Standard is the only permissible prefix), provides the current value of the default scalar storage order (as specified using pragma Default_Scalar_Storage_Order, or equal to Default_Bit_Order if unspecified) as a System.Bit_Order value. This is a static attribute.


4.13 Attribute Deref

The attribute typ'Deref(expr) where expr is of type System.Address yields the variable of type typ that is located at the given address. It is similar to (totyp (expr).all), where totyp is an unchecked conversion from address to a named access-to-typ type, except that it yields a variable, so it can be used on the left side of an assignment.


4.14 Attribute Descriptor_Size

Nonstatic attribute Descriptor_Size returns the size in bits of the descriptor allocated for a type. The result is non-zero only for unconstrained array types and the returned value is of type universal integer. In GNAT, an array descriptor contains bounds information and is located immediately before the first element of the array.

type Unconstr_Array is array (Short_Short_Integer range <>) of Positive;
Put_Line ("Descriptor size = " & Unconstr_Array'Descriptor_Size'Img);

The attribute takes into account any padding due to the alignment of the component type. In the example above, the descriptor contains two values of type Short_Short_Integer representing the low and high bound. But, since Positive has an alignment of 4, the size of the descriptor is 2 * Short_Short_Integer'Size rounded up to the next multiple of 32, which yields a size of 32 bits, i.e. including 16 bits of padding.


4.15 Attribute Elaborated

The prefix of the 'Elaborated attribute must be a unit name. The value is a Boolean which indicates whether or not the given unit has been elaborated. This attribute is primarily intended for internal use by the generated code for dynamic elaboration checking, but it can also be used in user programs. The value will always be True once elaboration of all units has been completed. An exception is for units which need no elaboration, the value is always False for such units.


4.16 Attribute Elab_Body

This attribute can only be applied to a program unit name. It returns the entity for the corresponding elaboration procedure for elaborating the body of the referenced unit. This is used in the main generated elaboration procedure by the binder and is not normally used in any other context. However, there may be specialized situations in which it is useful to be able to call this elaboration procedure from Ada code, e.g., if it is necessary to do selective re-elaboration to fix some error.


4.17 Attribute Elab_Spec

This attribute can only be applied to a program unit name. It returns the entity for the corresponding elaboration procedure for elaborating the spec of the referenced unit. This is used in the main generated elaboration procedure by the binder and is not normally used in any other context. However, there may be specialized situations in which it is useful to be able to call this elaboration procedure from Ada code, e.g., if it is necessary to do selective re-elaboration to fix some error.


4.18 Attribute Elab_Subp_Body

This attribute can only be applied to a library level subprogram name and is only allowed in CodePeer mode. It returns the entity for the corresponding elaboration procedure for elaborating the body of the referenced subprogram unit. This is used in the main generated elaboration procedure by the binder in CodePeer mode only and is unrecognized otherwise.


4.19 Attribute Emax

The Emax attribute is provided for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute.


4.20 Attribute Enabled

The Enabled attribute allows an application program to check at compile time to see if the designated check is currently enabled. The prefix is a simple identifier, referencing any predefined check name (other than All_Checks) or a check name introduced by pragma Check_Name. If no argument is given for the attribute, the check is for the general state of the check, if an argument is given, then it is an entity name, and the check indicates whether an Suppress or Unsuppress has been given naming the entity (if not, then the argument is ignored).

Note that instantiations inherit the check status at the point of the instantiation, so a useful idiom is to have a library package that introduces a check name with pragma Check_Name, and then contains generic packages or subprograms which use the Enabled attribute to see if the check is enabled. A user of this package can then issue a pragma Suppress or pragma Unsuppress before instantiating the package or subprogram, controlling whether the check will be present.


4.21 Attribute Enum_Rep

Note that this attribute is now standard in Ada 202x and is available as an implementation defined attribute for earlier Ada versions.

For every enumeration subtype S, S'Enum_Rep denotes a function with the following spec:

function S'Enum_Rep (Arg : S'Base) return <Universal_Integer>;

It is also allowable to apply Enum_Rep directly to an object of an enumeration type or to a non-overloaded enumeration literal. In this case S'Enum_Rep is equivalent to typ'Enum_Rep(S) where typ is the type of the enumeration literal or object.

The function returns the representation value for the given enumeration value. This will be equal to value of the Pos attribute in the absence of an enumeration representation clause. This is a static attribute (i.e., the result is static if the argument is static).

S'Enum_Rep can also be used with integer types and objects, in which case it simply returns the integer value. The reason for this is to allow it to be used for (<>) discrete formal arguments in a generic unit that can be instantiated with either enumeration types or integer types. Note that if Enum_Rep is used on a modular type whose upper bound exceeds the upper bound of the largest signed integer type, and the argument is a variable, so that the universal integer calculation is done at run time, then the call to Enum_Rep may raise Constraint_Error.


4.22 Attribute Enum_Val

Note that this attribute is now standard in Ada 202x and is available as an implementation defined attribute for earlier Ada versions.

For every enumeration subtype S, S'Enum_Val denotes a function with the following spec:

function S'Enum_Val (Arg : <Universal_Integer>) return S'Base;

The function returns the enumeration value whose representation matches the argument, or raises Constraint_Error if no enumeration literal of the type has the matching value. This will be equal to value of the Val attribute in the absence of an enumeration representation clause. This is a static attribute (i.e., the result is static if the argument is static).


4.23 Attribute Epsilon

The Epsilon attribute is provided for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute.


4.24 Attribute Fast_Math

Standard'Fast_Math (Standard is the only allowed prefix) yields a static Boolean value that is True if pragma Fast_Math is active, and False otherwise.


4.25 Attribute Finalization_Size

The prefix of attribute Finalization_Size must be an object or a non-class-wide type. This attribute returns the size of any hidden data reserved by the compiler to handle finalization-related actions. The type of the attribute is `universal_integer'.

Finalization_Size yields a value of zero for a type with no controlled parts, an object whose type has no controlled parts, or an object of a class-wide type whose tag denotes a type with no controlled parts.

Note that only heap-allocated objects contain finalization data.


4.26 Attribute Fixed_Value

For every fixed-point type S, S'Fixed_Value denotes a function with the following specification:

function S'Fixed_Value (Arg : <Universal_Integer>) return S;

The value returned is the fixed-point value V such that:

V = Arg * S'Small

The effect is thus similar to first converting the argument to the integer type used to represent S, and then doing an unchecked conversion to the fixed-point type. The difference is that there are full range checks, to ensure that the result is in range. This attribute is primarily intended for use in implementation of the input-output functions for fixed-point values.


4.27 Attribute From_Any

This internal attribute is used for the generation of remote subprogram stubs in the context of the Distributed Systems Annex.


4.28 Attribute Has_Access_Values

The prefix of the Has_Access_Values attribute is a type. The result is a Boolean value which is True if the is an access type, or is a composite type with a component (at any nesting depth) that is an access type, and is False otherwise. The intended use of this attribute is in conjunction with generic definitions. If the attribute is applied to a generic private type, it indicates whether or not the corresponding actual type has access values.


4.29 Attribute Has_Discriminants

The prefix of the Has_Discriminants attribute is a type. The result is a Boolean value which is True if the type has discriminants, and False otherwise. The intended use of this attribute is in conjunction with generic definitions. If the attribute is applied to a generic private type, it indicates whether or not the corresponding actual type has discriminants.


4.30 Attribute Has_Tagged_Values

The prefix of the Has_Tagged_Values attribute is a type. The result is a Boolean value which is True if the type is a composite type (array or record) that is either a tagged type or has a subcomponent that is tagged, and is False otherwise. The intended use of this attribute is in conjunction with generic definitions. If the attribute is applied to a generic private type, it indicates whether or not the corresponding actual type has access values.


4.31 Attribute Img

The Img attribute differs from Image in that, while both can be applied directly to an object, Img cannot be applied to types.

Example usage of the attribute:

Put_Line ("X = " & X'Img);

which has the same meaning as the more verbose:

Put_Line ("X = " & T'Image (X));

where T is the (sub)type of the object X.

Note that technically, in analogy to Image, X'Img returns a parameterless function that returns the appropriate string when called. This means that X'Img can be renamed as a function-returning-string, or used in an instantiation as a function parameter.


4.32 Attribute Initialized

For the syntax and semantics of this attribute, see the SPARK 2014 Reference Manual, section 6.10.


4.33 Attribute Integer_Value

For every integer type S, S'Integer_Value denotes a function with the following spec:

function S'Integer_Value (Arg : <Universal_Fixed>) return S;

The value returned is the integer value V, such that:

Arg = V * T'Small

where T is the type of Arg. The effect is thus similar to first doing an unchecked conversion from the fixed-point type to its corresponding implementation type, and then converting the result to the target integer type. The difference is that there are full range checks, to ensure that the result is in range. This attribute is primarily intended for use in implementation of the standard input-output functions for fixed-point values.


4.34 Attribute Invalid_Value

For every scalar type S, S’Invalid_Value returns an undefined value of the type. If possible this value is an invalid representation for the type. The value returned is identical to the value used to initialize an otherwise uninitialized value of the type if pragma Initialize_Scalars is used, including the ability to modify the value with the binder -Sxx flag and relevant environment variables at run time.


4.35 Attribute Iterable

Equivalent to Aspect Iterable.


4.36 Attribute Large

The Large attribute is provided for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute.


4.37 Attribute Library_Level

P'Library_Level, where P is an entity name, returns a Boolean value which is True if the entity is declared at the library level, and False otherwise. Note that within a generic instantition, the name of the generic unit denotes the instance, which means that this attribute can be used to test if a generic is instantiated at the library level, as shown in this example:

generic
  ...
package Gen is
  pragma Compile_Time_Error
    (not Gen'Library_Level,
     "Gen can only be instantiated at library level");
  ...
end Gen;

4.38 Attribute Lock_Free

P'Lock_Free, where P is a protected object, returns True if a pragma Lock_Free applies to P.


4.39 Attribute Loop_Entry

Syntax:

X'Loop_Entry [(loop_name)]

The Loop_Entry attribute is used to refer to the value that an expression had upon entry to a given loop in much the same way that the Old attribute in a subprogram postcondition can be used to refer to the value an expression had upon entry to the subprogram. The relevant loop is either identified by the given loop name, or it is the innermost enclosing loop when no loop name is given.

A Loop_Entry attribute can only occur within a Loop_Variant or Loop_Invariant pragma. A common use of Loop_Entry is to compare the current value of objects with their initial value at loop entry, in a Loop_Invariant pragma.

The effect of using X'Loop_Entry is the same as declaring a constant initialized with the initial value of X at loop entry. This copy is not performed if the loop is not entered, or if the corresponding pragmas are ignored or disabled.


4.40 Attribute Machine_Size

This attribute is identical to the Object_Size attribute. It is provided for compatibility with the DEC Ada 83 attribute of this name.


4.41 Attribute Mantissa

The Mantissa attribute is provided for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute.


4.42 Attribute Maximum_Alignment

Standard'Maximum_Alignment (Standard is the only permissible prefix) provides the maximum useful alignment value for the target. This is a static value that can be used to specify the alignment for an object, guaranteeing that it is properly aligned in all cases.


4.43 Attribute Max_Integer_Size

Standard'Max_Integer_Size (Standard is the only permissible prefix) provides the size of the largest supported integer type for the target. The result is a static constant.


4.44 Attribute Mechanism_Code

func'Mechanism_Code yields an integer code for the mechanism used for the result of function func, and subprog'Mechanism_Code (n) yields the mechanism used for formal parameter number `n' (a static integer value, with 1 meaning the first parameter) of subprogram subprog. The code returned is:

`1'

by copy (value)

`2'

by reference


4.45 Attribute Null_Parameter

A reference T'Null_Parameter denotes an imaginary object of type or subtype T allocated at machine address zero. The attribute is allowed only as the default expression of a formal parameter, or as an actual expression of a subprogram call. In either case, the subprogram must be imported.

The identity of the object is represented by the address zero in the argument list, independent of the passing mechanism (explicit or default).

This capability is needed to specify that a zero address should be passed for a record or other composite object passed by reference. There is no way of indicating this without the Null_Parameter attribute.


4.46 Attribute Object_Size

The size of an object is not necessarily the same as the size of the type of an object. This is because by default object sizes are increased to be a multiple of the alignment of the object. For example, Natural'Size is 31, but by default objects of type Natural will have a size of 32 bits. Similarly, a record containing an integer and a character:

type Rec is record
   I : Integer;
   C : Character;
end record;

will have a size of 40 (that is Rec'Size will be 40). The alignment will be 4, because of the integer field, and so the default size of record objects for this type will be 64 (8 bytes).

If the alignment of the above record is specified to be 1, then the object size will be 40 (5 bytes). This is true by default, and also an object size of 40 can be explicitly specified in this case.

A consequence of this capability is that different object sizes can be given to subtypes that would otherwise be considered in Ada to be statically matching. But it makes no sense to consider such subtypes as statically matching. Consequently, GNAT adds a rule to the static matching rules that requires object sizes to match. Consider this example:

 1. procedure BadAVConvert is
 2.    type R is new Integer;
 3.    subtype R1 is R range 1 .. 10;
 4.    subtype R2 is R range 1 .. 10;
 5.    for R1'Object_Size use 8;
 6.    for R2'Object_Size use 16;
 7.    type R1P is access all R1;
 8.    type R2P is access all R2;
 9.    R1PV : R1P := new R1'(4);
10.    R2PV : R2P;
11. begin
12.    R2PV := R2P (R1PV);
               |
       >>> target designated subtype not compatible with
           type "R1" defined at line 3

13. end;

In the absence of lines 5 and 6, types R1 and R2 statically match and hence the conversion on line 12 is legal. But since lines 5 and 6 cause the object sizes to differ, GNAT considers that types R1 and R2 are not statically matching, and line 12 generates the diagnostic shown above.

Similar additional checks are performed in other contexts requiring statically matching subtypes.


4.47 Attribute Old

In addition to the usage of Old defined in the Ada 2012 RM (usage within Post aspect), GNAT also permits the use of this attribute in implementation defined pragmas Postcondition, Contract_Cases and Test_Case. Also usages of Old which would be illegal according to the Ada 2012 RM definition are allowed under control of implementation defined pragma Unevaluated_Use_Of_Old.


4.48 Attribute Passed_By_Reference

typ'Passed_By_Reference for any subtype typ returns a value of type Boolean value that is True if the type is normally passed by reference and False if the type is normally passed by copy in calls. For scalar types, the result is always False and is static. For non-scalar types, the result is nonstatic.


4.49 Attribute Pool_Address

X'Pool_Address for any object X returns the address of X within its storage pool. This is the same as X'Address, except that for an unconstrained array whose bounds are allocated just before the first component, X'Pool_Address returns the address of those bounds, whereas X'Address returns the address of the first component.

Here, we are interpreting ’storage pool’ broadly to mean wherever the object is allocated, which could be a user-defined storage pool, the global heap, on the stack, or in a static memory area. For an object created by new, Ptr.all'Pool_Address is what is passed to Allocate and returned from Deallocate.


4.50 Attribute Range_Length

typ'Range_Length for any discrete type typ yields the number of values represented by the subtype (zero for a null range). The result is static for static subtypes. Range_Length applied to the index subtype of a one dimensional array always gives the same result as Length applied to the array itself.


4.51 Attribute Restriction_Set

This attribute allows compile time testing of restrictions that are currently in effect. It is primarily intended for specializing code in the run-time based on restrictions that are active (e.g. don’t need to save fpt registers if restriction No_Floating_Point is known to be in effect), but can be used anywhere.

There are two forms:

System'Restriction_Set (partition_boolean_restriction_NAME)
System'Restriction_Set (No_Dependence => library_unit_NAME);

In the case of the first form, the only restriction names allowed are parameterless restrictions that are checked for consistency at bind time. For a complete list see the subtype System.Rident.Partition_Boolean_Restrictions.

The result returned is True if the restriction is known to be in effect, and False if the restriction is known not to be in effect. An important guarantee is that the value of a Restriction_Set attribute is known to be consistent throughout all the code of a partition.

This is trivially achieved if the entire partition is compiled with a consistent set of restriction pragmas. However, the compilation model does not require this. It is possible to compile one set of units with one set of pragmas, and another set of units with another set of pragmas. It is even possible to compile a spec with one set of pragmas, and then WITH the same spec with a different set of pragmas. Inconsistencies in the actual use of the restriction are checked at bind time.

In order to achieve the guarantee of consistency for the Restriction_Set pragma, we consider that a use of the pragma that yields False is equivalent to a violation of the restriction.

So for example if you write

if System'Restriction_Set (No_Floating_Point) then
   ...
else
   ...
end if;

And the result is False, so that the else branch is executed, you can assume that this restriction is not set for any unit in the partition. This is checked by considering this use of the restriction pragma to be a violation of the restriction No_Floating_Point. This means that no other unit can attempt to set this restriction (if some unit does attempt to set it, the binder will refuse to bind the partition).

Technical note: The restriction name and the unit name are intepreted entirely syntactically, as in the corresponding Restrictions pragma, they are not analyzed semantically, so they do not have a type.


4.52 Attribute Result

function'Result can only be used with in a Postcondition pragma for a function. The prefix must be the name of the corresponding function. This is used to refer to the result of the function in the postcondition expression. For a further discussion of the use of this attribute and examples of its use, see the description of pragma Postcondition.


4.53 Attribute Safe_Emax

The Safe_Emax attribute is provided for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute.


4.54 Attribute Safe_Large

The Safe_Large attribute is provided for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute.


4.55 Attribute Safe_Small

The Safe_Small attribute is provided for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute.


4.56 Attribute Scalar_Storage_Order

For every array or record type S, the representation attribute Scalar_Storage_Order denotes the order in which storage elements that make up scalar components are ordered within S. The value given must be a static expression of type System.Bit_Order. The following is an example of the use of this feature:

--  Component type definitions

subtype Yr_Type is Natural range 0 .. 127;
subtype Mo_Type is Natural range 1 .. 12;
subtype Da_Type is Natural range 1 .. 31;

--  Record declaration

type Date is record
   Years_Since_1980 : Yr_Type;
   Month            : Mo_Type;
   Day_Of_Month     : Da_Type;
end record;

--  Record representation clause

for Date use record
   Years_Since_1980 at 0 range 0  ..  6;
   Month            at 0 range 7  .. 10;
   Day_Of_Month     at 0 range 11 .. 15;
end record;

--  Attribute definition clauses

for Date'Bit_Order use System.High_Order_First;
for Date'Scalar_Storage_Order use System.High_Order_First;
--  If Scalar_Storage_Order is specified, it must be consistent with
--  Bit_Order, so it's best to always define the latter explicitly if
--  the former is used.

Other properties are as for the standard representation attribute Bit_Order defined by Ada RM 13.5.3(4). The default is System.Default_Bit_Order.

For a record type T, if T'Scalar_Storage_Order is specified explicitly, it shall be equal to T'Bit_Order. Note: this means that if a Scalar_Storage_Order attribute definition clause is not confirming, then the type’s Bit_Order shall be specified explicitly and set to the same value.

Derived types inherit an explicitly set scalar storage order from their parent types. This may be overridden for the derived type by giving an explicit scalar storage order for it. However, for a record extension, the derived type must have the same scalar storage order as the parent type.

A component of a record type that is itself a record or an array and that does not start and end on a byte boundary must have have the same scalar storage order as the record type. A component of a bit-packed array type that is itself a record or an array must have the same scalar storage order as the array type.

No component of a type that has an explicit Scalar_Storage_Order attribute definition may be aliased.

A confirming Scalar_Storage_Order attribute definition clause (i.e. with a value equal to System.Default_Bit_Order) has no effect.

If the opposite storage order is specified, then whenever the value of a scalar component of an object of type S is read, the storage elements of the enclosing machine scalar are first reversed (before retrieving the component value, possibly applying some shift and mask operatings on the enclosing machine scalar), and the opposite operation is done for writes.

In that case, the restrictions set forth in 13.5.1(10.3/2) for scalar components are relaxed. Instead, the following rules apply:

  • * the underlying storage elements are those at positions (position + first_bit / storage_element_size) .. (position + (last_bit + storage_element_size - 1) / storage_element_size)
  • * the sequence of underlying storage elements shall have a size no greater than the largest machine scalar
  • * the enclosing machine scalar is defined as the smallest machine scalar starting at a position no greater than position + first_bit / storage_element_size and covering storage elements at least up to position + (last_bit + storage_element_size - 1) / storage_element_size`
  • * the position of the component is interpreted relative to that machine scalar.

If no scalar storage order is specified for a type (either directly, or by inheritance in the case of a derived type), then the default is normally the native ordering of the target, but this default can be overridden using pragma Default_Scalar_Storage_Order.

If a component of T is itself of a record or array type, the specfied Scalar_Storage_Order does `not' apply to that nested type: an explicit attribute definition clause must be provided for the component type as well if desired.

Note that the scalar storage order only affects the in-memory data representation. It has no effect on the representation used by stream attributes.

Note that debuggers may be unable to display the correct value of scalar components of a type for which the opposite storage order is specified.


4.57 Attribute Simple_Storage_Pool

For every nonformal, nonderived access-to-object type Acc, the representation attribute Simple_Storage_Pool may be specified via an attribute_definition_clause (or by specifying the equivalent aspect):

My_Pool : My_Simple_Storage_Pool_Type;

type Acc is access My_Data_Type;

for Acc'Simple_Storage_Pool use My_Pool;

The name given in an attribute_definition_clause for the Simple_Storage_Pool attribute shall denote a variable of a ’simple storage pool type’ (see pragma Simple_Storage_Pool_Type).

The use of this attribute is only allowed for a prefix denoting a type for which it has been specified. The type of the attribute is the type of the variable specified as the simple storage pool of the access type, and the attribute denotes that variable.

It is illegal to specify both Storage_Pool and Simple_Storage_Pool for the same access type.

If the Simple_Storage_Pool attribute has been specified for an access type, then applying the Storage_Pool attribute to the type is flagged with a warning and its evaluation raises the exception Program_Error.

If the Simple_Storage_Pool attribute has been specified for an access type S, then the evaluation of the attribute S'Storage_Size returns the result of calling Storage_Size (S'Simple_Storage_Pool), which is intended to indicate the number of storage elements reserved for the simple storage pool. If the Storage_Size function has not been defined for the simple storage pool type, then this attribute returns zero.

If an access type S has a specified simple storage pool of type SSP, then the evaluation of an allocator for that access type calls the primitive Allocate procedure for type SSP, passing S'Simple_Storage_Pool as the pool parameter. The detailed semantics of such allocators is the same as those defined for allocators in section 13.11 of the Ada Reference Manual, with the term `simple storage pool' substituted for `storage pool'.

If an access type S has a specified simple storage pool of type SSP, then a call to an instance of the Ada.Unchecked_Deallocation for that access type invokes the primitive Deallocate procedure for type SSP, passing S'Simple_Storage_Pool as the pool parameter. The detailed semantics of such unchecked deallocations is the same as defined in section 13.11.2 of the Ada Reference Manual, except that the term `simple storage pool' is substituted for `storage pool'.


4.58 Attribute Small

The Small attribute is defined in Ada 95 (and Ada 2005) only for fixed-point types. GNAT also allows this attribute to be applied to floating-point types for compatibility with Ada 83. See the Ada 83 reference manual for an exact description of the semantics of this attribute when applied to floating-point types.


4.59 Attribute Small_Denominator

typ'Small_Denominator for any fixed-point subtype typ yields the denominator in the representation of typ'Small as a rational number with coprime factors (i.e. as an irreducible fraction).


4.60 Attribute Small_Numerator

typ'Small_Numerator for any fixed-point subtype typ yields the numerator in the representation of typ'Small as a rational number with coprime factors (i.e. as an irreducible fraction).


4.61 Attribute Storage_Unit

Standard'Storage_Unit (Standard is the only permissible prefix) provides the same value as System.Storage_Unit.


4.62 Attribute Stub_Type

The GNAT implementation of remote access-to-classwide types is organized as described in AARM section E.4 (20.t): a value of an RACW type (designating a remote object) is represented as a normal access value, pointing to a "stub" object which in turn contains the necessary information to contact the designated remote object. A call on any dispatching operation of such a stub object does the remote call, if necessary, using the information in the stub object to locate the target partition, etc.

For a prefix T that denotes a remote access-to-classwide type, T'Stub_Type denotes the type of the corresponding stub objects.

By construction, the layout of T'Stub_Type is identical to that of type RACW_Stub_Type declared in the internal implementation-defined unit System.Partition_Interface. Use of this attribute will create an implicit dependency on this unit.


4.63 Attribute System_Allocator_Alignment

Standard'System_Allocator_Alignment (Standard is the only permissible prefix) provides the observable guaranted to be honored by the system allocator (malloc). This is a static value that can be used in user storage pools based on malloc either to reject allocation with alignment too large or to enable a realignment circuitry if the alignment request is larger than this value.


4.64 Attribute Target_Name

Standard'Target_Name (Standard is the only permissible prefix) provides a static string value that identifies the target for the current compilation. For GCC implementations, this is the standard gcc target name without the terminating slash (for example, GNAT 5.0 on windows yields "i586-pc-mingw32msv").


4.65 Attribute To_Address

The System'To_Address (System is the only permissible prefix) denotes a function identical to System.Storage_Elements.To_Address except that it is a static attribute. This means that if its argument is a static expression, then the result of the attribute is a static expression. This means that such an expression can be used in contexts (e.g., preelaborable packages) which require a static expression and where the function call could not be used (since the function call is always nonstatic, even if its argument is static). The argument must be in the range -(2**(m-1)) .. 2**m-1, where m is the memory size (typically 32 or 64). Negative values are intepreted in a modular manner (e.g., -1 means the same as 16#FFFF_FFFF# on a 32 bits machine).


4.66 Attribute To_Any

This internal attribute is used for the generation of remote subprogram stubs in the context of the Distributed Systems Annex.


4.67 Attribute Type_Class

typ'Type_Class for any type or subtype typ yields the value of the type class for the full type of typ. If typ is a generic formal type, the value is the value for the corresponding actual subtype. The value of this attribute is of type System.Aux_DEC.Type_Class, which has the following definition:

type Type_Class is
  (Type_Class_Enumeration,
   Type_Class_Integer,
   Type_Class_Fixed_Point,
   Type_Class_Floating_Point,
   Type_Class_Array,
   Type_Class_Record,
   Type_Class_Access,
   Type_Class_Task,
   Type_Class_Address);

Protected types yield the value Type_Class_Task, which thus applies to all concurrent types. This attribute is designed to be compatible with the DEC Ada 83 attribute of the same name.


4.68 Attribute Type_Key

The Type_Key attribute is applicable to a type or subtype and yields a value of type Standard.String containing encoded information about the type or subtype. This provides improved compatibility with other implementations that support this attribute.


4.69 Attribute TypeCode

This internal attribute is used for the generation of remote subprogram stubs in the context of the Distributed Systems Annex.


4.70 Attribute Unconstrained_Array

The Unconstrained_Array attribute can be used with a prefix that denotes any type or subtype. It is a static attribute that yields True if the prefix designates an unconstrained array, and False otherwise. In a generic instance, the result is still static, and yields the result of applying this test to the generic actual.


4.71 Attribute Universal_Literal_String

The prefix of Universal_Literal_String must be a named number. The static result is the string consisting of the characters of the number as defined in the original source. This allows the user program to access the actual text of named numbers without intermediate conversions and without the need to enclose the strings in quotes (which would preclude their use as numbers).

For example, the following program prints the first 50 digits of pi:

with Text_IO; use Text_IO;
with Ada.Numerics;
procedure Pi is
begin
   Put (Ada.Numerics.Pi'Universal_Literal_String);
end;

4.72 Attribute Unrestricted_Access

The Unrestricted_Access attribute is similar to Access except that all accessibility and aliased view checks are omitted. This is a user-beware attribute.

For objects, it is similar to Address, for which it is a desirable replacement where the value desired is an access type. In other words, its effect is similar to first applying the Address attribute and then doing an unchecked conversion to a desired access type.

For subprograms, P'Unrestricted_Access may be used where P'Access would be illegal, to construct a value of a less-nested named access type that designates a more-nested subprogram. This value may be used in indirect calls, so long as the more-nested subprogram still exists; once the subprogram containing it has returned, such calls are erroneous. For example:

package body P is

   type Less_Nested is not null access procedure;
   Global : Less_Nested;

   procedure P1 is
   begin
      Global.all;
   end P1;

   procedure P2 is
      Local_Var : Integer;

      procedure More_Nested is
      begin
         ... Local_Var ...
      end More_Nested;
   begin
      Global := More_Nested'Unrestricted_Access;
      P1;
   end P2;

end P;

When P1 is called from P2, the call via Global is OK, but if P1 were called after P2 returns, it would be an erroneous use of a dangling pointer.

For objects, it is possible to use Unrestricted_Access for any type. However, if the result is of an access-to-unconstrained array subtype, then the resulting pointer has the same scope as the context of the attribute, and must not be returned to some enclosing scope. For instance, if a function uses Unrestricted_Access to create an access-to-unconstrained-array and returns that value to the caller, the result will involve dangling pointers. In addition, it is only valid to create pointers to unconstrained arrays using this attribute if the pointer has the normal default ’fat’ representation where a pointer has two components, one points to the array and one points to the bounds. If a size clause is used to force ’thin’ representation for a pointer to unconstrained where there is only space for a single pointer, then the resulting pointer is not usable.

In the simple case where a direct use of Unrestricted_Access attempts to make a thin pointer for a non-aliased object, the compiler will reject the use as illegal, as shown in the following example:

with System; use System;
procedure SliceUA2 is
   type A is access all String;
   for A'Size use Standard'Address_Size;

   procedure P (Arg : A) is
   begin
      null;
   end P;

   X : String := "hello world!";
   X2 : aliased String := "hello world!";

   AV : A := X'Unrestricted_Access;    -- ERROR
             |
>>> illegal use of Unrestricted_Access attribute
>>> attempt to generate thin pointer to unaliased object

begin
   P (X'Unrestricted_Access);          -- ERROR
      |
>>> illegal use of Unrestricted_Access attribute
>>> attempt to generate thin pointer to unaliased object

   P (X(7 .. 12)'Unrestricted_Access); -- ERROR
      |
>>> illegal use of Unrestricted_Access attribute
>>> attempt to generate thin pointer to unaliased object

   P (X2'Unrestricted_Access);         -- OK
end;

but other cases cannot be detected by the compiler, and are considered to be erroneous. Consider the following example:

with System; use System;
with System; use System;
procedure SliceUA is
   type AF is access all String;

   type A is access all String;
   for A'Size use Standard'Address_Size;

   procedure P (Arg : A) is
   begin
      if Arg'Length /= 6 then
         raise Program_Error;
      end if;
   end P;

   X : String := "hello world!";
   Y : AF := X (7 .. 12)'Unrestricted_Access;

begin
   P (A (Y));
end;

A normal unconstrained array value or a constrained array object marked as aliased has the bounds in memory just before the array, so a thin pointer can retrieve both the data and the bounds. But in this case, the non-aliased object X does not have the bounds before the string. If the size clause for type A were not present, then the pointer would be a fat pointer, where one component is a pointer to the bounds, and all would be well. But with the size clause present, the conversion from fat pointer to thin pointer in the call loses the bounds, and so this is erroneous, and the program likely raises a Program_Error exception.

In general, it is advisable to completely avoid mixing the use of thin pointers and the use of Unrestricted_Access where the designated type is an unconstrained array. The use of thin pointers should be restricted to cases of porting legacy code that implicitly assumes the size of pointers, and such code should not in any case be using this attribute.

Another erroneous situation arises if the attribute is applied to a constant. The resulting pointer can be used to access the constant, but the effect of trying to modify a constant in this manner is not well-defined. Consider this example:

P : constant Integer := 4;
type R is access all Integer;
RV : R := P'Unrestricted_Access;
..
RV.all := 3;

Here we attempt to modify the constant P from 4 to 3, but the compiler may or may not notice this attempt, and subsequent references to P may yield either the value 3 or the value 4 or the assignment may blow up if the compiler decides to put P in read-only memory. One particular case where Unrestricted_Access can be used in this way is to modify the value of an in parameter:

procedure K (S : in String) is
   type R is access all Character;
   RV : R := S (3)'Unrestricted_Access;
begin
   RV.all := 'a';
end;

In general this is a risky approach. It may appear to "work" but such uses of Unrestricted_Access are potentially non-portable, even from one version of GNAT to another, so are best avoided if possible.


4.73 Attribute Update

The Update attribute creates a copy of an array or record value with one or more modified components. The syntax is:

PREFIX'Update ( RECORD_COMPONENT_ASSOCIATION_LIST )
PREFIX'Update ( ARRAY_COMPONENT_ASSOCIATION {, ARRAY_COMPONENT_ASSOCIATION } )
PREFIX'Update ( MULTIDIMENSIONAL_ARRAY_COMPONENT_ASSOCIATION
                {, MULTIDIMENSIONAL_ARRAY_COMPONENT_ASSOCIATION } )

MULTIDIMENSIONAL_ARRAY_COMPONENT_ASSOCIATION ::= INDEX_EXPRESSION_LIST_LIST => EXPRESSION
INDEX_EXPRESSION_LIST_LIST                   ::= INDEX_EXPRESSION_LIST {| INDEX_EXPRESSION_LIST }
INDEX_EXPRESSION_LIST                        ::= ( EXPRESSION {, EXPRESSION } )

where PREFIX is the name of an array or record object, the association list in parentheses does not contain an others choice and the box symbol <> may not appear in any expression. The effect is to yield a copy of the array or record value which is unchanged apart from the components mentioned in the association list, which are changed to the indicated value. The original value of the array or record value is not affected. For example:

type Arr is Array (1 .. 5) of Integer;
...
Avar1 : Arr := (1,2,3,4,5);
Avar2 : Arr := Avar1'Update (2 => 10, 3 .. 4 => 20);

yields a value for Avar2 of 1,10,20,20,5 with Avar1 begin unmodified. Similarly:

type Rec is A, B, C : Integer;
...
Rvar1 : Rec := (A => 1, B => 2, C => 3);
Rvar2 : Rec := Rvar1'Update (B => 20);

yields a value for Rvar2 of (A => 1, B => 20, C => 3), with Rvar1 being unmodifed. Note that the value of the attribute reference is computed completely before it is used. This means that if you write:

Avar1 := Avar1'Update (1 => 10, 2 => Function_Call);

then the value of Avar1 is not modified if Function_Call raises an exception, unlike the effect of a series of direct assignments to elements of Avar1. In general this requires that two extra complete copies of the object are required, which should be kept in mind when considering efficiency.

The Update attribute cannot be applied to prefixes of a limited type, and cannot reference discriminants in the case of a record type. The accessibility level of an Update attribute result object is defined as for an aggregate.

In the record case, no component can be mentioned more than once. In the array case, two overlapping ranges can appear in the association list, in which case the modifications are processed left to right.

Multi-dimensional arrays can be modified, as shown by this example:

A : array (1 .. 10, 1 .. 10) of Integer;
..
A := A'Update ((1, 2) => 20, (3, 4) => 30);

which changes element (1,2) to 20 and (3,4) to 30.


4.74 Attribute Valid_Scalars

The 'Valid_Scalars attribute is intended to make it easier to check the validity of scalar subcomponents of composite objects. The attribute is defined for any prefix P which denotes an object. Prefix P can be any type except for tagged private or Unchecked_Union types. The value of the attribute is of type Boolean.

P'Valid_Scalars yields True if and only if the evaluation of C'Valid yields True for every scalar subcomponent C of P, or if P has no scalar subcomponents. Attribute 'Valid_Scalars is equivalent to attribute 'Valid for scalar types.

It is not specified in what order the subcomponents are checked, nor whether any more are checked after any one of them is determined to be invalid. If the prefix P is of a class-wide type T'Class (where T is the associated specific type), or if the prefix P is of a specific tagged type T, then only the subcomponents of T are checked; in other words, components of extensions of T are not checked even if T'Class (P)'Tag /= T'Tag.

The compiler will issue a warning if it can be determined at compile time that the prefix of the attribute has no scalar subcomponents.

Note: Valid_Scalars can generate a lot of code, especially in the case of a large variant record. If the attribute is called in many places in the same program applied to objects of the same type, it can reduce program size to write a function with a single use of the attribute, and then call that function from multiple places.


4.75 Attribute VADS_Size

The 'VADS_Size attribute is intended to make it easier to port legacy code which relies on the semantics of 'Size as implemented by the VADS Ada 83 compiler. GNAT makes a best effort at duplicating the same semantic interpretation. In particular, 'VADS_Size applied to a predefined or other primitive type with no Size clause yields the Object_Size (for example, Natural'Size is 32 rather than 31 on typical machines). In addition 'VADS_Size applied to an object gives the result that would be obtained by applying the attribute to the corresponding type.


4.76 Attribute Value_Size

type'Value_Size is the number of bits required to represent a value of the given subtype. It is the same as type'Size, but, unlike Size, may be set for non-first subtypes.


4.77 Attribute Wchar_T_Size

Standard'Wchar_T_Size (Standard is the only permissible prefix) provides the size in bits of the C wchar_t type primarily for constructing the definition of this type in package Interfaces.C. The result is a static constant.


4.78 Attribute Word_Size

Standard'Word_Size (Standard is the only permissible prefix) provides the value System.Word_Size. The result is a static constant.


5 Standard and Implementation Defined Restrictions

All Ada Reference Manual-defined Restriction identifiers are implemented:

GNAT implements additional restriction identifiers. All restrictions, whether language defined or GNAT-specific, are listed in the following.


5.1 Partition-Wide Restrictions

There are two separate lists of restriction identifiers. The first set requires consistency throughout a partition (in other words, if the restriction identifier is used for any compilation unit in the partition, then all compilation units in the partition must obey the restriction).


5.1.1 Immediate_Reclamation

[RM H.4] This restriction ensures that, except for storage occupied by objects created by allocators and not deallocated via unchecked deallocation, any storage reserved at run time for an object is immediately reclaimed when the object no longer exists.


5.1.2 Max_Asynchronous_Select_Nesting

[RM D.7] Specifies the maximum dynamic nesting level of asynchronous selects. Violations of this restriction with a value of zero are detected at compile time. Violations of this restriction with values other than zero cause Storage_Error to be raised.


5.1.3 Max_Entry_Queue_Length

[RM D.7] This restriction is a declaration that any protected entry compiled in the scope of the restriction has at most the specified number of tasks waiting on the entry at any one time, and so no queue is required. Note that this restriction is checked at run time. Violation of this restriction results in the raising of Program_Error exception at the point of the call.

The restriction Max_Entry_Queue_Depth is recognized as a synonym for Max_Entry_Queue_Length. This is retained for historical compatibility purposes (and a warning will be generated for its use if warnings on obsolescent features are activated).


5.1.4 Max_Protected_Entries

[RM D.7] Specifies the maximum number of entries per protected type. The bounds of every entry family of a protected unit shall be static, or shall be defined by a discriminant of a subtype whose corresponding bound is static.


5.1.5 Max_Select_Alternatives

[RM D.7] Specifies the maximum number of alternatives in a selective accept.


5.1.6 Max_Storage_At_Blocking

[RM D.7] Specifies the maximum portion (in storage elements) of a task’s Storage_Size that can be retained by a blocked task. A violation of this restriction causes Storage_Error to be raised.


5.1.7 Max_Task_Entries

[RM D.7] Specifies the maximum number of entries per task. The bounds of every entry family of a task unit shall be static, or shall be defined by a discriminant of a subtype whose corresponding bound is static.


5.1.8 Max_Tasks

[RM D.7] Specifies the maximum number of task that may be created, not counting the creation of the environment task. Violations of this restriction with a value of zero are detected at compile time. Violations of this restriction with values other than zero cause Storage_Error to be raised.


5.1.9 No_Abort_Statements

[RM D.7] There are no abort_statements, and there are no calls to Task_Identification.Abort_Task.


5.1.10 No_Access_Parameter_Allocators

[RM H.4] This restriction ensures at compile time that there are no occurrences of an allocator as the actual parameter to an access parameter.


5.1.11 No_Access_Subprograms

[RM H.4] This restriction ensures at compile time that there are no declarations of access-to-subprogram types.


5.1.12 No_Allocators

[RM H.4] This restriction ensures at compile time that there are no occurrences of an allocator.


5.1.13 No_Anonymous_Allocators

[RM H.4] This restriction ensures at compile time that there are no occurrences of an allocator of anonymous access type.


5.1.14 No_Asynchronous_Control

[RM J.13] This restriction ensures at compile time that there are no semantic dependences on the predefined package Asynchronous_Task_Control.


5.1.15 No_Calendar

[GNAT] This restriction ensures at compile time that there are no semantic dependences on package Calendar.


5.1.16 No_Coextensions

[RM H.4] This restriction ensures at compile time that there are no coextensions. See 3.10.2.


5.1.17 No_Default_Initialization

[GNAT] This restriction prohibits any instance of default initialization of variables. The binder implements a consistency rule which prevents any unit compiled without the restriction from with’ing a unit with the restriction (this allows the generation of initialization procedures to be skipped, since you can be sure that no call is ever generated to an initialization procedure in a unit with the restriction active). If used in conjunction with Initialize_Scalars or Normalize_Scalars, the effect is to prohibit all cases of variables declared without a specific initializer (including the case of OUT scalar parameters).


5.1.18 No_Delay

[RM H.4] This restriction ensures at compile time that there are no delay statements and no semantic dependences on package Calendar.


5.1.19 No_Dependence

[RM 13.12.1] This restriction ensures at compile time that there are no dependences on a library unit.


5.1.20 No_Direct_Boolean_Operators

[GNAT] This restriction ensures that no logical operators (and/or/xor) are used on operands of type Boolean (or any type derived from Boolean). This is intended for use in safety critical programs where the certification protocol requires the use of short-circuit (and then, or else) forms for all composite boolean operations.


5.1.21 No_Dispatch

[RM H.4] This restriction ensures at compile time that there are no occurrences of T'Class, for any (tagged) subtype T.


5.1.22 No_Dispatching_Calls

[GNAT] This restriction ensures at compile time that the code generated by the compiler involves no dispatching calls. The use of this restriction allows the safe use of record extensions, classwide membership tests and other classwide features not involving implicit dispatching. This restriction ensures that the code contains no indirect calls through a dispatching mechanism. Note that this includes internally-generated calls created by the compiler, for example in the implementation of class-wide objects assignments. The membership test is allowed in the presence of this restriction, because its implementation requires no dispatching. This restriction is comparable to the official Ada restriction No_Dispatch except that it is a bit less restrictive in that it allows all classwide constructs that do not imply dispatching. The following example indicates constructs that violate this restriction.

package Pkg is
  type T is tagged record
    Data : Natural;
  end record;
  procedure P (X : T);

  type DT is new T with record
    More_Data : Natural;
  end record;
  procedure Q (X : DT);
end Pkg;

with Pkg; use Pkg;
procedure Example is
  procedure Test (O : T'Class) is
    N : Natural  := O'Size;--  Error: Dispatching call
    C : T'Class := O;      --  Error: implicit Dispatching Call
  begin
    if O in DT'Class then  --  OK   : Membership test
       Q (DT (O));         --  OK   : Type conversion plus direct call
    else
       P (O);              --  Error: Dispatching call
    end if;
  end Test;

  Obj : DT;
begin
  P (Obj);                 --  OK   : Direct call
  P (T (Obj));             --  OK   : Type conversion plus direct call
  P (T'Class (Obj));       --  Error: Dispatching call

  Test (Obj);              --  OK   : Type conversion

  if Obj in T'Class then   --  OK   : Membership test
     null;
  end if;
end Example;

5.1.23 No_Dynamic_Attachment

[RM D.7] This restriction ensures that there is no call to any of the operations defined in package Ada.Interrupts (Is_Reserved, Is_Attached, Current_Handler, Attach_Handler, Exchange_Handler, Detach_Handler, and Reference).

The restriction No_Dynamic_Interrupts is recognized as a synonym for No_Dynamic_Attachment. This is retained for historical compatibility purposes (and a warning will be generated for its use if warnings on obsolescent features are activated).


5.1.24 No_Dynamic_Priorities

[RM D.7] There are no semantic dependencies on the package Dynamic_Priorities.


5.1.25 No_Entry_Calls_In_Elaboration_Code

[GNAT] This restriction ensures at compile time that no task or protected entry calls are made during elaboration code. As a result of the use of this restriction, the compiler can assume that no code past an accept statement in a task can be executed at elaboration time.


5.1.26 No_Enumeration_Maps

[GNAT] This restriction ensures at compile time that no operations requiring enumeration maps are used (that is Image and Value attributes applied to enumeration types).


5.1.27 No_Exception_Handlers

[GNAT] This restriction ensures at compile time that there are no explicit exception handlers. It also indicates that no exception propagation will be provided. In this mode, exceptions may be raised but will result in an immediate call to the last chance handler, a routine that the user must define with the following profile:

procedure Last_Chance_Handler
  (Source_Location : System.Address; Line : Integer);
pragma Export (C, Last_Chance_Handler,
               "__gnat_last_chance_handler");

The parameter is a C null-terminated string representing a message to be associated with the exception (typically the source location of the raise statement generated by the compiler). The Line parameter when nonzero represents the line number in the source program where the raise occurs.


5.1.28 No_Exception_Propagation

[GNAT] This restriction guarantees that exceptions are never propagated to an outer subprogram scope. The only case in which an exception may be raised is when the handler is statically in the same subprogram, so that the effect of a raise is essentially like a goto statement. Any other raise statement (implicit or explicit) will be considered unhandled. Exception handlers are allowed, but may not contain an exception occurrence identifier (exception choice). In addition, use of the package GNAT.Current_Exception is not permitted, and reraise statements (raise with no operand) are not permitted.


5.1.29 No_Exception_Registration

[GNAT] This restriction ensures at compile time that no stream operations for types Exception_Id or Exception_Occurrence are used. This also makes it impossible to pass exceptions to or from a partition with this restriction in a distributed environment. If this restriction is active, the generated code is simplified by omitting the otherwise-required global registration of exceptions when they are declared.


5.1.30 No_Exceptions

[RM H.4] This restriction ensures at compile time that there are no raise statements and no exception handlers and also suppresses the generation of language-defined run-time checks.


5.1.31 No_Finalization

[GNAT] This restriction disables the language features described in chapter 7.6 of the Ada 2005 RM as well as all form of code generation performed by the compiler to support these features. The following types are no longer considered controlled when this restriction is in effect:

  • * Ada.Finalization.Controlled
  • * Ada.Finalization.Limited_Controlled
  • * Derivations from Controlled or Limited_Controlled
  • * Class-wide types
  • * Protected types
  • * Task types
  • * Array and record types with controlled components

The compiler no longer generates code to initialize, finalize or adjust an object or a nested component, either declared on the stack or on the heap. The deallocation of a controlled object no longer finalizes its contents.


5.1.32 No_Fixed_Point

[RM H.4] This restriction ensures at compile time that there are no occurrences of fixed point types and operations.


5.1.33 No_Floating_Point

[RM H.4] This restriction ensures at compile time that there are no occurrences of floating point types and operations.


5.1.34 No_Implicit_Conditionals

[GNAT] This restriction ensures that the generated code does not contain any implicit conditionals, either by modifying the generated code where possible, or by rejecting any construct that would otherwise generate an implicit conditional. Note that this check does not include run time constraint checks, which on some targets may generate implicit conditionals as well. To control the latter, constraint checks can be suppressed in the normal manner. Constructs generating implicit conditionals include comparisons of composite objects and the Max/Min attributes.


5.1.35 No_Implicit_Dynamic_Code

[GNAT] This restriction prevents the compiler from building ’trampolines’. This is a structure that is built on the stack and contains dynamic code to be executed at run time. On some targets, a trampoline is built for the following features: Access, Unrestricted_Access, or Address of a nested subprogram; nested task bodies; primitive operations of nested tagged types. Trampolines do not work on machines that prevent execution of stack data. For example, on windows systems, enabling DEP (data execution protection) will cause trampolines to raise an exception. Trampolines are also quite slow at run time.

On many targets, trampolines have been largely eliminated. Look at the version of system.ads for your target — if it has Always_Compatible_Rep equal to False, then trampolines are largely eliminated. In particular, a trampoline is built for the following features: Address of a nested subprogram; Access or Unrestricted_Access of a nested subprogram, but only if pragma Favor_Top_Level applies, or the access type has a foreign-language convention; primitive operations of nested tagged types.


5.1.36 No_Implicit_Heap_Allocations

[RM D.7] No constructs are allowed to cause implicit heap allocation.


5.1.37 No_Implicit_Protected_Object_Allocations

[GNAT] No constructs are allowed to cause implicit heap allocation of a protected object.


5.1.38 No_Implicit_Task_Allocations

[GNAT] No constructs are allowed to cause implicit heap allocation of a task.


5.1.39 No_Initialize_Scalars

[GNAT] This restriction ensures that no unit in the partition is compiled with pragma Initialize_Scalars. This allows the generation of more efficient code, and in particular eliminates dummy null initialization routines that are otherwise generated for some record and array types.


5.1.40 No_IO

[RM H.4] This restriction ensures at compile time that there are no dependences on any of the library units Sequential_IO, Direct_IO, Text_IO, Wide_Text_IO, Wide_Wide_Text_IO, or Stream_IO.


5.1.41 No_Local_Allocators

[RM H.4] This restriction ensures at compile time that there are no occurrences of an allocator in subprograms, generic subprograms, tasks, and entry bodies.


5.1.42 No_Local_Protected_Objects

[RM D.7] This restriction ensures at compile time that protected objects are only declared at the library level.


5.1.43 No_Local_Timing_Events

[RM D.7] All objects of type Ada.Real_Time.Timing_Events.Timing_Event are declared at the library level.


5.1.44 No_Long_Long_Integers

[GNAT] This partition-wide restriction forbids any explicit reference to type Standard.Long_Long_Integer, and also forbids declaring range types whose implicit base type is Long_Long_Integer, and modular types whose size exceeds Long_Integer’Size.


5.1.45 No_Multiple_Elaboration

[GNAT] When this restriction is active and the static elaboration model is used, and -fpreserve-control-flow is not used, the compiler is allowed to suppress the elaboration counter normally associated with the unit, even if the unit has elaboration code. This counter is typically used to check for access before elaboration and to control multiple elaboration attempts. If the restriction is used, then the situations in which multiple elaboration is possible, including non-Ada main programs and Stand Alone libraries, are not permitted and will be diagnosed by the binder.


5.1.46 No_Nested_Finalization

[RM D.7] All objects requiring finalization are declared at the library level.


5.1.47 No_Protected_Type_Allocators

[RM D.7] This restriction ensures at compile time that there are no allocator expressions that attempt to allocate protected objects.


5.1.48 No_Protected_Types

[RM H.4] This restriction ensures at compile time that there are no declarations of protected types or protected objects.


5.1.49 No_Recursion

[RM H.4] A program execution is erroneous if a subprogram is invoked as part of its execution.


5.1.50 No_Reentrancy

[RM H.4] A program execution is erroneous if a subprogram is executed by two tasks at the same time.


5.1.51 No_Relative_Delay

[RM D.7] This restriction ensures at compile time that there are no delay relative statements and prevents expressions such as delay 1.23; from appearing in source code.


5.1.52 No_Requeue_Statements

[RM D.7] This restriction ensures at compile time that no requeue statements are permitted and prevents keyword requeue from being used in source code.

The restriction No_Requeue is recognized as a synonym for No_Requeue_Statements. This is retained for historical compatibility purposes (and a warning will be generated for its use if warnings on oNobsolescent features are activated).


5.1.53 No_Secondary_Stack

[GNAT] This restriction ensures at compile time that the generated code does not contain any reference to the secondary stack. The secondary stack is used to implement functions returning unconstrained objects (arrays or records) on some targets. Suppresses the allocation of secondary stacks for tasks (excluding the environment task) at run time.


5.1.54 No_Select_Statements

[RM D.7] This restriction ensures at compile time no select statements of any kind are permitted, that is the keyword select may not appear.


5.1.55 No_Specific_Termination_Handlers

[RM D.7] There are no calls to Ada.Task_Termination.Set_Specific_Handler or to Ada.Task_Termination.Specific_Handler.


5.1.56 No_Specification_of_Aspect

[RM 13.12.1] This restriction checks at compile time that no aspect specification, attribute definition clause, or pragma is given for a given aspect.


5.1.57 No_Standard_Allocators_After_Elaboration

[RM D.7] Specifies that an allocator using a standard storage pool should never be evaluated at run time after the elaboration of the library items of the partition has completed. Otherwise, Storage_Error is raised.


5.1.58 No_Standard_Storage_Pools

[GNAT] This restriction ensures at compile time that no access types use the standard default storage pool. Any access type declared must have an explicit Storage_Pool attribute defined specifying a user-defined storage pool.


5.1.59 No_Stream_Optimizations

[GNAT] This restriction affects the performance of stream operations on types String, Wide_String and Wide_Wide_String. By default, the compiler uses block reads and writes when manipulating String objects due to their superior performance. When this restriction is in effect, the compiler performs all IO operations on a per-character basis.


5.1.60 No_Streams

[GNAT] This restriction ensures at compile/bind time that there are no stream objects created and no use of stream attributes. This restriction does not forbid dependences on the package Ada.Streams. So it is permissible to with Ada.Streams (or another package that does so itself) as long as no actual stream objects are created and no stream attributes are used.

Note that the use of restriction allows optimization of tagged types, since they do not need to worry about dispatching stream operations. To take maximum advantage of this space-saving optimization, any unit declaring a tagged type should be compiled with the restriction, though this is not required.


5.1.61 No_Task_Allocators

[RM D.7] There are no allocators for task types or types containing task subcomponents.


5.1.62 No_Task_At_Interrupt_Priority

[GNAT] This restriction ensures at compile time that there is no Interrupt_Priority aspect or pragma for a task or a task type. As a consequence, the tasks are always created with a priority below that an interrupt priority.


5.1.63 No_Task_Attributes_Package

[GNAT] This restriction ensures at compile time that there are no implicit or explicit dependencies on the package Ada.Task_Attributes.

The restriction No_Task_Attributes is recognized as a synonym for No_Task_Attributes_Package. This is retained for historical compatibility purposes (and a warning will be generated for its use if warnings on obsolescent features are activated).


5.1.64 No_Task_Hierarchy

[RM D.7] All (non-environment) tasks depend directly on the environment task of the partition.


5.1.65 No_Task_Termination

[RM D.7] Tasks that terminate are erroneous.


5.1.66 No_Tasking

[GNAT] This restriction prevents the declaration of tasks or task types throughout the partition. It is similar in effect to the use of Max_Tasks => 0 except that violations are caught at compile time and cause an error message to be output either by the compiler or binder.


5.1.67 No_Terminate_Alternatives

[RM D.7] There are no selective accepts with terminate alternatives.


5.1.68 No_Unchecked_Access

[RM H.4] This restriction ensures at compile time that there are no occurrences of the Unchecked_Access attribute.


5.1.69 No_Unchecked_Conversion

[RM J.13] This restriction ensures at compile time that there are no semantic dependences on the predefined generic function Unchecked_Conversion.


5.1.70 No_Unchecked_Deallocation

[RM J.13] This restriction ensures at compile time that there are no semantic dependences on the predefined generic procedure Unchecked_Deallocation.


5.1.71 No_Use_Of_Entity

[GNAT] This restriction ensures at compile time that there are no references to the entity given in the form

No_Use_Of_Entity => Name

where Name is the fully qualified entity, for example

No_Use_Of_Entity => Ada.Text_IO.Put_Line

5.1.72 Pure_Barriers

[GNAT] This restriction ensures at compile time that protected entry barriers are restricted to:

  • * components of the protected object (excluding selection from dereferences),
  • * constant declarations,
  • * named numbers,
  • * enumeration literals,
  • * integer literals,
  • * real literals,
  • * character literals,
  • * implicitly defined comparison operators,
  • * uses of the Standard."not" operator,
  • * short-circuit operator,
  • * the Count attribute

This restriction is a relaxation of the Simple_Barriers restriction, but still ensures absence of side effects, exceptions, and recursion during the evaluation of the barriers.


5.1.73 Simple_Barriers

[RM D.7] This restriction ensures at compile time that barriers in entry declarations for protected types are restricted to either static boolean expressions or references to simple boolean variables defined in the private part of the protected type. No other form of entry barriers is permitted.

The restriction Boolean_Entry_Barriers is recognized as a synonym for Simple_Barriers. This is retained for historical compatibility purposes (and a warning will be generated for its use if warnings on obsolescent features are activated).


5.1.74 Static_Priorities

[GNAT] This restriction ensures at compile time that all priority expressions are static, and that there are no dependences on the package Ada.Dynamic_Priorities.


5.1.75 Static_Storage_Size

[GNAT] This restriction ensures at compile time that any expression appearing in a Storage_Size pragma or attribute definition clause is static.


5.2 Program Unit Level Restrictions

The second set of restriction identifiers does not require partition-wide consistency. The restriction may be enforced for a single compilation unit without any effect on any of the other compilation units in the partition.


5.2.1 No_Elaboration_Code

[GNAT] This restriction ensures at compile time that no elaboration code is generated. Note that this is not the same condition as is enforced by pragma Preelaborate. There are cases in which pragma Preelaborate still permits code to be generated (e.g., code to initialize a large array to all zeroes), and there are cases of units which do not meet the requirements for pragma Preelaborate, but for which no elaboration code is generated. Generally, it is the case that preelaborable units will meet the restrictions, with the exception of large aggregates initialized with an others_clause, and exception declarations (which generate calls to a run-time registry procedure). This restriction is enforced on a unit by unit basis, it need not be obeyed consistently throughout a partition.

In the case of aggregates with others, if the aggregate has a dynamic size, there is no way to eliminate the elaboration code (such dynamic bounds would be incompatible with Preelaborate in any case). If the bounds are static, then use of this restriction actually modifies the code choice of the compiler to avoid generating a loop, and instead generate the aggregate statically if possible, no matter how many times the data for the others clause must be repeatedly generated.

It is not possible to precisely document the constructs which are compatible with this restriction, since, unlike most other restrictions, this is not a restriction on the source code, but a restriction on the generated object code. For example, if the source contains a declaration:

Val : constant Integer := X;

where X is not a static constant, it may be possible, depending on complex optimization circuitry, for the compiler to figure out the value of X at compile time, in which case this initialization can be done by the loader, and requires no initialization code. It is not possible to document the precise conditions under which the optimizer can figure this out.

Note that this the implementation of this restriction requires full code generation. If it is used in conjunction with "semantics only" checking, then some cases of violations may be missed.

When this restriction is active, we are not requesting control-flow preservation with -fpreserve-control-flow, and the static elaboration model is used, the compiler is allowed to suppress the elaboration counter normally associated with the unit. This counter is typically used to check for access before elaboration and to control multiple elaboration attempts.


5.2.2 No_Dynamic_Sized_Objects

[GNAT] This restriction disallows certain constructs that might lead to the creation of dynamic-sized composite objects (or array or discriminated type). An array subtype indication is illegal if the bounds are not static or references to discriminants of an enclosing type. A discriminated subtype indication is illegal if the type has discriminant-dependent array components or a variant part, and the discriminants are not static. In addition, array and record aggregates are illegal in corresponding cases. Note that this restriction does not forbid access discriminants. It is often a good idea to combine this restriction with No_Secondary_Stack.


5.2.3 No_Entry_Queue

[GNAT] This restriction is a declaration that any protected entry compiled in the scope of the restriction has at most one task waiting on the entry at any one time, and so no queue is required. This restriction is not checked at compile time. A program execution is erroneous if an attempt is made to queue a second task on such an entry.


5.2.4 No_Implementation_Aspect_Specifications

[RM 13.12.1] This restriction checks at compile time that no GNAT-defined aspects are present. With this restriction, the only aspects that can be used are those defined in the Ada Reference Manual.


5.2.5 No_Implementation_Attributes

[RM 13.12.1] This restriction checks at compile time that no GNAT-defined attributes are present. With this restriction, the only attributes that can be used are those defined in the Ada Reference Manual.


5.2.6 No_Implementation_Identifiers

[RM 13.12.1] This restriction checks at compile time that no implementation-defined identifiers (marked with pragma Implementation_Defined) occur within language-defined packages.


5.2.7 No_Implementation_Pragmas

[RM 13.12.1] This restriction checks at compile time that no GNAT-defined pragmas are present. With this restriction, the only pragmas that can be used are those defined in the Ada Reference Manual.


5.2.8 No_Implementation_Restrictions

[GNAT] This restriction checks at compile time that no GNAT-defined restriction identifiers (other than No_Implementation_Restrictions itself) are present. With this restriction, the only other restriction identifiers that can be used are those defined in the Ada Reference Manual.


5.2.9 No_Implementation_Units

[RM 13.12.1] This restriction checks at compile time that there is no mention in the context clause of any implementation-defined descendants of packages Ada, Interfaces, or System.


5.2.10 No_Implicit_Aliasing

[GNAT] This restriction, which is not required to be partition-wide consistent, requires an explicit aliased keyword for an object to which ’Access, ’Unchecked_Access, or ’Address is applied, and forbids entirely the use of the ’Unrestricted_Access attribute for objects. Note: the reason that Unrestricted_Access is forbidden is that it would require the prefix to be aliased, and in such cases, it can always be replaced by the standard attribute Unchecked_Access which is preferable.


5.2.11 No_Implicit_Loops

[GNAT] This restriction ensures that the generated code of the unit marked with this restriction does not contain any implicit for loops, either by modifying the generated code where possible, or by rejecting any construct that would otherwise generate an implicit for loop. If this restriction is active, it is possible to build large array aggregates with all static components without generating an intermediate temporary, and without generating a loop to initialize individual components. Otherwise, a loop is created for arrays larger than about 5000 scalar components. Note that if this restriction is set in the spec of a package, it will not apply to its body.


5.2.12 No_Obsolescent_Features

[RM 13.12.1] This restriction checks at compile time that no obsolescent features are used, as defined in Annex J of the Ada Reference Manual.


5.2.13 No_Wide_Characters

[GNAT] This restriction ensures at compile time that no uses of the types Wide_Character or Wide_String or corresponding wide wide types appear, and that no wide or wide wide string or character literals appear in the program (that is literals representing characters not in type Character).


5.2.14 Static_Dispatch_Tables

[GNAT] This restriction checks at compile time that all the artifacts associated with dispatch tables can be placed in read-only memory.


5.2.15 SPARK_05

[GNAT] This restriction no longer has any effect and is superseded by SPARK 2014, whose restrictions are checked by the tool GNATprove. To check that a codebase respects SPARK 2014 restrictions, mark the code with pragma or aspect SPARK_Mode, and run the tool GNATprove at Stone assurance level, as follows:

gnatprove -P project.gpr --mode=stone

or equivalently:

gnatprove -P project.gpr --mode=check_all

6 Implementation Advice

The main text of the Ada Reference Manual describes the required behavior of all Ada compilers, and the GNAT compiler conforms to these requirements.

In addition, there are sections throughout the Ada Reference Manual headed by the phrase ’Implementation advice’. These sections are not normative, i.e., they do not specify requirements that all compilers must follow. Rather they provide advice on generally desirable behavior. They are not requirements, because they describe behavior that cannot be provided on all systems, or may be undesirable on some systems.

As far as practical, GNAT follows the implementation advice in the Ada Reference Manual. Each such RM section corresponds to a section in this chapter whose title specifies the RM section number and paragraph number and the subject of the advice. The contents of each section consists of the RM text within quotation marks, followed by the GNAT interpretation of the advice. Most often, this simply says ’followed’, which means that GNAT follows the advice. However, in a number of cases, GNAT deliberately deviates from this advice, in which case the text describes what GNAT does and why.


6.1 RM 1.1.3(20): Error Detection

"If an implementation detects the use of an unsupported Specialized Needs Annex feature at run time, it should raise Program_Error if feasible."

Not relevant. All specialized needs annex features are either supported, or diagnosed at compile time.


6.2 RM 1.1.3(31): Child Units

"If an implementation wishes to provide implementation-defined extensions to the functionality of a language-defined library unit, it should normally do so by adding children to the library unit."

Followed.


6.3 RM 1.1.5(12): Bounded Errors

"If an implementation detects a bounded error or erroneous execution, it should raise Program_Error."

Followed in all cases in which the implementation detects a bounded error or erroneous execution. Not all such situations are detected at runtime.


6.4 RM 2.8(16): Pragmas

"Normally, implementation-defined pragmas should have no semantic effect for error-free programs; that is, if the implementation-defined pragmas are removed from a working program, the program should still be legal, and should still have the same semantics."

The following implementation defined pragmas are exceptions to this rule:

PragmaExplanation
`Abort_Defer'Affects semantics
`Ada_83'Affects legality
`Assert'Affects semantics
`CPP_Class'Affects semantics
`CPP_Constructor'Affects semantics
`Debug'Affects semantics
`Interface_Name'Affects semantics
`Machine_Attribute'Affects semantics
`Unimplemented_Unit'Affects legality
`Unchecked_Union'Affects semantics

In each of the above cases, it is essential to the purpose of the pragma that this advice not be followed. For details see Implementation Defined Pragmas.


6.5 RM 2.8(17-19): Pragmas

"Normally, an implementation should not define pragmas that can make an illegal program legal, except as follows:

  • * A pragma used to complete a declaration, such as a pragma Import;
  • * A pragma used to configure the environment by adding, removing, or replacing library_items."

See RM 2.8(16); Pragmas.


6.6 RM 3.5.2(5): Alternative Character Sets

"If an implementation supports a mode with alternative interpretations for Character and Wide_Character, the set of graphic characters of Character should nevertheless remain a proper subset of the set of graphic characters of Wide_Character. Any character set ’localizations’ should be reflected in the results of the subprograms defined in the language-defined package Characters.Handling (see A.3) available in such a mode. In a mode with an alternative interpretation of Character, the implementation should also support a corresponding change in what is a legal identifier_letter."

Not all wide character modes follow this advice, in particular the JIS and IEC modes reflect standard usage in Japan, and in these encoding, the upper half of the Latin-1 set is not part of the wide-character subset, since the most significant bit is used for wide character encoding. However, this only applies to the external forms. Internally there is no such restriction.


6.7 RM 3.5.4(28): Integer Types

"An implementation should support Long_Integer in addition to Integer if the target machine supports 32-bit (or longer) arithmetic. No other named integer subtypes are recommended for package Standard. Instead, appropriate named integer subtypes should be provided in the library package Interfaces (see B.2)."

Long_Integer is supported. Other standard integer types are supported so this advice is not fully followed. These types are supported for convenient interface to C, and so that all hardware types of the machine are easily available.


6.8 RM 3.5.4(29): Integer Types

"An implementation for a two’s complement machine should support modular types with a binary modulus up to System.Max_Int*2+2. An implementation should support a non-binary modules up to Integer'Last."

Followed.


6.9 RM 3.5.5(8): Enumeration Values

"For the evaluation of a call on S'Pos for an enumeration subtype, if the value of the operand does not correspond to the internal code for any enumeration literal of its type (perhaps due to an un-initialized variable), then the implementation should raise Program_Error. This is particularly important for enumeration types with noncontiguous internal codes specified by an enumeration_representation_clause."

Followed.


6.10 RM 3.5.7(17): Float Types

"An implementation should support Long_Float in addition to Float if the target machine supports 11 or more digits of precision. No other named floating point subtypes are recommended for package Standard. Instead, appropriate named floating point subtypes should be provided in the library package Interfaces (see B.2)."

Short_Float and Long_Long_Float are also provided. The former provides improved compatibility with other implementations supporting this type. The latter corresponds to the highest precision floating-point type supported by the hardware. On most machines, this will be the same as Long_Float, but on some machines, it will correspond to the IEEE extended form. The notable case is all x86 implementations, where Long_Long_Float corresponds to the 80-bit extended precision format supported in hardware on this processor. Note that the 128-bit format on SPARC is not supported, since this is a software rather than a hardware format.


6.11 RM 3.6.2(11): Multidimensional Arrays

"An implementation should normally represent multidimensional arrays in row-major order, consistent with the notation used for multidimensional array aggregates (see 4.3.3). However, if a pragma Convention (Fortran, ...) applies to a multidimensional array type, then column-major order should be used instead (see B.5, `Interfacing with Fortran')."

Followed.


6.12 RM 9.6(30-31): Duration’Small

"Whenever possible in an implementation, the value of Duration'Small should be no greater than 100 microseconds."

Followed. (Duration'Small = 10**(-9)).

"The time base for delay_relative_statements should be monotonic; it need not be the same time base as used for Calendar.Clock."

Followed.


6.13 RM 10.2.1(12): Consistent Representation

"In an implementation, a type declared in a pre-elaborated package should have the same representation in every elaboration of a given version of the package, whether the elaborations occur in distinct executions of the same program, or in executions of distinct programs or partitions that include the given version."

Followed, except in the case of tagged types. Tagged types involve implicit pointers to a local copy of a dispatch table, and these pointers have representations which thus depend on a particular elaboration of the package. It is not easy to see how it would be possible to follow this advice without severely impacting efficiency of execution.


6.14 RM 11.4.1(19): Exception Information

"Exception_Message by default and Exception_Information should produce information useful for debugging. Exception_Message should be short, about one line. Exception_Information can be long. Exception_Message should not include the Exception_Name. Exception_Information should include both the Exception_Name and the Exception_Message."

Followed. For each exception that doesn’t have a specified Exception_Message, the compiler generates one containing the location of the raise statement. This location has the form ’file_name:line’, where file_name is the short file name (without path information) and line is the line number in the file. Note that in the case of the Zero Cost Exception mechanism, these messages become redundant with the Exception_Information that contains a full backtrace of the calling sequence, so they are disabled. To disable explicitly the generation of the source location message, use the Pragma Discard_Names.


6.15 RM 11.5(28): Suppression of Checks

"The implementation should minimize the code executed for checks that have been suppressed."

Followed.


6.16 RM 13.1 (21-24): Representation Clauses

"The recommended level of support for all representation items is qualified as follows:

An implementation need not support representation items containing nonstatic expressions, except that an implementation should support a representation item for a given entity if each nonstatic expression in the representation item is a name that statically denotes a constant declared before the entity."

Followed. In fact, GNAT goes beyond the recommended level of support by allowing nonstatic expressions in some representation clauses even without the need to declare constants initialized with the values of such expressions. For example:

  X : Integer;
  Y : Float;
  for Y'Address use X'Address;>>


"An implementation need not support a specification for the ``Size``
for a given composite subtype, nor the size or storage place for an
object (including a component) of a given composite subtype, unless the
constraints on the subtype and its composite subcomponents (if any) are
all static constraints."

Followed. Size Clauses are not permitted on nonstatic components, as described above.

"An aliased component, or a component whose type is by-reference, should always be allocated at an addressable location."

Followed.


6.17 RM 13.2(6-8): Packed Types

"If a type is packed, then the implementation should try to minimize storage allocated to objects of the type, possibly at the expense of speed of accessing components, subject to reasonable complexity in addressing calculations.

The recommended level of support pragma Pack is:

For a packed record type, the components should be packed as tightly as possible subject to the Sizes of the component subtypes, and subject to any `record_representation_clause' that applies to the type; the implementation may, but need not, reorder components or cross aligned word boundaries to improve the packing. A component whose Size is greater than the word size may be allocated an integral number of words."

Followed. Tight packing of arrays is supported for all component sizes up to 64-bits. If the array component size is 1 (that is to say, if the component is a boolean type or an enumeration type with two values) then values of the type are implicitly initialized to zero. This happens both for objects of the packed type, and for objects that have a subcomponent of the packed type.

"An implementation should support Address clauses for imported subprograms."

Followed.


6.18 RM 13.3(14-19): Address Clauses

"For an array X, X'Address should point at the first component of the array, and not at the array bounds."

Followed.

"The recommended level of support for the Address attribute is:

X'Address should produce a useful result if X is an object that is aliased or of a by-reference type, or is an entity whose Address has been specified."

Followed. A valid address will be produced even if none of those conditions have been met. If necessary, the object is forced into memory to ensure the address is valid.

"An implementation should support Address clauses for imported subprograms."

Followed.

"Objects (including subcomponents) that are aliased or of a by-reference type should be allocated on storage element boundaries."

Followed.

"If the Address of an object is specified, or it is imported or exported, then the implementation should not perform optimizations based on assumptions of no aliases."

Followed.


6.19 RM 13.3(29-35): Alignment Clauses

"The recommended level of support for the Alignment attribute for subtypes is:

An implementation should support specified Alignments that are factors and multiples of the number of storage elements per word, subject to the following:"

Followed.

"An implementation need not support specified Alignments for combinations of Sizes and Alignments that cannot be easily loaded and stored by available machine instructions."

Followed.

"An implementation need not support specified Alignments that are greater than the maximum Alignment the implementation ever returns by default."

Followed.

"The recommended level of support for the Alignment attribute for objects is:

Same as above, for subtypes, but in addition:"

Followed.

"For stand-alone library-level objects of statically constrained subtypes, the implementation should support all alignments supported by the target linker. For example, page alignment is likely to be supported for such objects, but not for subtypes."

Followed.


6.20 RM 13.3(42-43): Size Clauses

"The recommended level of support for the Size attribute of objects is:

A Size clause should be supported for an object if the specified Size is at least as large as its subtype’s Size, and corresponds to a size in storage elements that is a multiple of the object’s Alignment (if the Alignment is nonzero)."

Followed.


6.21 RM 13.3(50-56): Size Clauses

"If the Size of a subtype is specified, and allows for efficient independent addressability (see 9.10) on the target architecture, then the Size of the following objects of the subtype should equal the Size of the subtype:

Aliased objects (including components)."

Followed.

"Size clause on a composite subtype should not affect the internal layout of components."

Followed. But note that this can be overridden by use of the implementation pragma Implicit_Packing in the case of packed arrays.

"The recommended level of support for the Size attribute of subtypes is:

The Size (if not specified) of a static discrete or fixed point subtype should be the number of bits needed to represent each value belonging to the subtype using an unbiased representation, leaving space for a sign bit only if the subtype contains negative values. If such a subtype is a first subtype, then an implementation should support a specified Size for it that reflects this representation."

Followed.

"For a subtype implemented with levels of indirection, the Size should include the size of the pointers, but not the size of what they point at."

Followed.


6.22 RM 13.3(71-73): Component Size Clauses

"The recommended level of support for the Component_Size attribute is:

An implementation need not support specified Component_Sizes that are less than the Size of the component subtype."

Followed.

"An implementation should support specified Component_Sizes that are factors and multiples of the word size. For such Component_Sizes, the array should contain no gaps between components. For other Component_Sizes (if supported), the array should contain no gaps between components when packing is also specified; the implementation should forbid this combination in cases where it cannot support a no-gaps representation."

Followed.


6.23 RM 13.4(9-10): Enumeration Representation Clauses

"The recommended level of support for enumeration representation clauses is:

An implementation need not support enumeration representation clauses for boolean types, but should at minimum support the internal codes in the range System.Min_Int .. System.Max_Int."

Followed.


6.24 RM 13.5.1(17-22): Record Representation Clauses

"The recommended level of support for `record_representation_clause's is:

An implementation should support storage places that can be extracted with a load, mask, shift sequence of machine code, and set with a load, shift, mask, store sequence, given the available machine instructions and run-time model."

Followed.

"A storage place should be supported if its size is equal to the Size of the component subtype, and it starts and ends on a boundary that obeys the Alignment of the component subtype."

Followed.

"If the default bit ordering applies to the declaration of a given type, then for a component whose subtype’s Size is less than the word size, any storage place that does not cross an aligned word boundary should be supported."

Followed.

"An implementation may reserve a storage place for the tag field of a tagged type, and disallow other components from overlapping that place."

Followed. The storage place for the tag field is the beginning of the tagged record, and its size is Address’Size. GNAT will reject an explicit component clause for the tag field.

"An implementation need not support a `component_clause' for a component of an extension part if the storage place is not after the storage places of all components of the parent type, whether or not those storage places had been specified."

Followed. The above advice on record representation clauses is followed, and all mentioned features are implemented.


6.25 RM 13.5.2(5): Storage Place Attributes

"If a component is represented using some form of pointer (such as an offset) to the actual data of the component, and this data is contiguous with the rest of the object, then the storage place attributes should reflect the place of the actual data, not the pointer. If a component is allocated discontinuously from the rest of the object, then a warning should be generated upon reference to one of its storage place attributes."

Followed. There are no such components in GNAT.


6.26 RM 13.5.3(7-8): Bit Ordering

"The recommended level of support for the non-default bit ordering is:

If Word_Size = Storage_Unit, then the implementation should support the non-default bit ordering in addition to the default bit ordering."

Followed. Word size does not equal storage size in this implementation. Thus non-default bit ordering is not supported.


6.27 RM 13.7(37): Address as Private

"Address should be of a private type."

Followed.


6.28 RM 13.7.1(16): Address Operations

"Operations in System and its children should reflect the target environment semantics as closely as is reasonable. For example, on most machines, it makes sense for address arithmetic to ’wrap around’. Operations that do not make sense should raise Program_Error."

Followed. Address arithmetic is modular arithmetic that wraps around. No operation raises Program_Error, since all operations make sense.


6.29 RM 13.9(14-17): Unchecked Conversion

"The Size of an array object should not include its bounds; hence, the bounds should not be part of the converted data."

Followed.

"The implementation should not generate unnecessary run-time checks to ensure that the representation of S is a representation of the target type. It should take advantage of the permission to return by reference when possible. Restrictions on unchecked conversions should be avoided unless required by the target environment."

Followed. There are no restrictions on unchecked conversion. A warning is generated if the source and target types do not have the same size since the semantics in this case may be target dependent.

"The recommended level of support for unchecked conversions is:

Unchecked conversions should be supported and should be reversible in the cases where this clause defines the result. To enable meaningful use of unchecked conversion, a contiguous representation should be used for elementary subtypes, for statically constrained array subtypes whose component subtype is one of the subtypes described in this paragraph, and for record subtypes without discriminants whose component subtypes are described in this paragraph."

Followed.


6.30 RM 13.11(23-25): Implicit Heap Usage

"An implementation should document any cases in which it dynamically allocates heap storage for a purpose other than the evaluation of an allocator."

Followed, the only other points at which heap storage is dynamically allocated are as follows:

  • * At initial elaboration time, to allocate dynamically sized global objects.
  • * To allocate space for a task when a task is created.
  • * To extend the secondary stack dynamically when needed. The secondary stack is used for returning variable length results.

"A default (implementation-provided) storage pool for an access-to-constant type should not have overhead to support deallocation of individual objects."

Followed.

"A storage pool for an anonymous access type should be created at the point of an allocator for the type, and be reclaimed when the designated object becomes inaccessible."

Followed.


6.31 RM 13.11.2(17): Unchecked Deallocation

"For a standard storage pool, Free should actually reclaim the storage."

Followed.


6.32 RM 13.13.2(1.6): Stream Oriented Attributes

"If not specified, the value of Stream_Size for an elementary type should be the number of bits that corresponds to the minimum number of stream elements required by the first subtype of the type, rounded up to the nearest factor or multiple of the word size that is also a multiple of the stream element size."

Followed, except that the number of stream elements is 1, 2, 3, 4 or 8. The Stream_Size may be used to override the default choice.

The default implementation is based on direct binary representations and is therefore target- and endianness-dependent. To address this issue, GNAT also supplies an alternate implementation of the stream attributes Read and Write, which uses the target-independent XDR standard representation for scalar types. This XDR alternative can be enabled via the binder switch -xdr.


6.33 RM A.1(52): Names of Predefined Numeric Types

"If an implementation provides additional named predefined integer types, then the names should end with Integer as in Long_Integer. If an implementation provides additional named predefined floating point types, then the names should end with Float as in Long_Float."

Followed.


6.34 RM A.3.2(49): Ada.Characters.Handling

"If an implementation provides a localized definition of Character or Wide_Character, then the effects of the subprograms in Characters.Handling should reflect the localizations. See also 3.5.2."

Followed. GNAT provides no such localized definitions.


6.35 RM A.4.4(106): Bounded-Length String Handling

"Bounded string objects should not be implemented by implicit pointers and dynamic allocation."

Followed. No implicit pointers or dynamic allocation are used.


6.36 RM A.5.2(46-47): Random Number Generation

"Any storage associated with an object of type Generator should be reclaimed on exit from the scope of the object."

Followed.

"If the generator period is sufficiently long in relation to the number of distinct initiator values, then each possible value of Initiator passed to Reset should initiate a sequence of random numbers that does not, in a practical sense, overlap the sequence initiated by any other value. If this is not possible, then the mapping between initiator values and generator states should be a rapidly varying function of the initiator value."

Followed. The generator period is sufficiently long for the first condition here to hold true.


6.37 RM A.10.7(23): Get_Immediate

"The Get_Immediate procedures should be implemented with unbuffered input. For a device such as a keyboard, input should be available if a key has already been typed, whereas for a disk file, input should always be available except at end of file. For a file associated with a keyboard-like device, any line-editing features of the underlying operating system should be disabled during the execution of Get_Immediate."

Followed on all targets except VxWorks. For VxWorks, there is no way to provide this functionality that does not result in the input buffer being flushed before the Get_Immediate call. A special unit Interfaces.Vxworks.IO is provided that contains routines to enable this functionality.


6.38 RM B.1(39-41): Pragma Export

"If an implementation supports pragma Export to a given language, then it should also allow the main subprogram to be written in that language. It should support some mechanism for invoking the elaboration of the Ada library units included in the system, and for invoking the finalization of the environment task. On typical systems, the recommended mechanism is to provide two subprograms whose link names are adainit and adafinal. adainit should contain the elaboration code for library units. adafinal should contain the finalization code. These subprograms should have no effect the second and subsequent time they are called."

Followed.

"Automatic elaboration of pre-elaborated packages should be provided when pragma Export is supported."

Followed when the main program is in Ada. If the main program is in a foreign language, then adainit must be called to elaborate pre-elaborated packages.

"For each supported convention `L' other than Intrinsic, an implementation should support Import and Export pragmas for objects of `L'-compatible types and for subprograms, and pragma Convention for `L'-eligible types and for subprograms, presuming the other language has corresponding features. Pragma Convention need not be supported for scalar types."

Followed.


6.39 RM B.2(12-13): Package Interfaces

"For each implementation-defined convention identifier, there should be a child package of package Interfaces with the corresponding name. This package should contain any declarations that would be useful for interfacing to the language (implementation) represented by the convention. Any declarations useful for interfacing to any language on the given hardware architecture should be provided directly in Interfaces."

Followed.

"An implementation supporting an interface to C, COBOL, or Fortran should provide the corresponding package or packages described in the following clauses."

Followed. GNAT provides all the packages described in this section.


6.40 RM B.3(63-71): Interfacing with C

"An implementation should support the following interface correspondences between Ada and C."

Followed.

"An Ada procedure corresponds to a void-returning C function."

Followed.

"An Ada function corresponds to a non-void C function."

Followed.

"An Ada in scalar parameter is passed as a scalar argument to a C function."

Followed.

"An Ada in parameter of an access-to-object type with designated type T is passed as a t* argument to a C function, where t is the C type corresponding to the Ada type T."

Followed.

"An Ada access T parameter, or an Ada out or in out parameter of an elementary type T, is passed as a t* argument to a C function, where t is the C type corresponding to the Ada type T. In the case of an elementary out or in out parameter, a pointer to a temporary copy is used to preserve by-copy semantics."

Followed.

"An Ada parameter of a record type T, of any mode, is passed as a t* argument to a C function, where t is the C structure corresponding to the Ada type T."

Followed. This convention may be overridden by the use of the C_Pass_By_Copy pragma, or Convention, or by explicitly specifying the mechanism for a given call using an extended import or export pragma.

"An Ada parameter of an array type with component type T, of any mode, is passed as a t* argument to a C function, where t is the C type corresponding to the Ada type T."

Followed.

"An Ada parameter of an access-to-subprogram type is passed as a pointer to a C function whose prototype corresponds to the designated subprogram’s specification."

Followed.


6.41 RM B.4(95-98): Interfacing with COBOL

"An Ada implementation should support the following interface correspondences between Ada and COBOL."

Followed.

"An Ada access T parameter is passed as a BY REFERENCE data item of the COBOL type corresponding to T."

Followed.

"An Ada in scalar parameter is passed as a BY CONTENT data item of the corresponding COBOL type."

Followed.

"Any other Ada parameter is passed as a BY REFERENCE data item of the COBOL type corresponding to the Ada parameter type; for scalars, a local copy is used if necessary to ensure by-copy semantics."

Followed.


6.42 RM B.5(22-26): Interfacing with Fortran

"An Ada implementation should support the following interface correspondences between Ada and Fortran:"

Followed.

"An Ada procedure corresponds to a Fortran subroutine."

Followed.

"An Ada function corresponds to a Fortran function."

Followed.

"An Ada parameter of an elementary, array, or record type T is passed as a T argument to a Fortran procedure, where T is the Fortran type corresponding to the Ada type T, and where the INTENT attribute of the corresponding dummy argument matches the Ada formal parameter mode; the Fortran implementation’s parameter passing conventions are used. For elementary types, a local copy is used if necessary to ensure by-copy semantics."

Followed.

"An Ada parameter of an access-to-subprogram type is passed as a reference to a Fortran procedure whose interface corresponds to the designated subprogram’s specification."

Followed.


6.43 RM C.1(3-5): Access to Machine Operations

"The machine code or intrinsic support should allow access to all operations normally available to assembly language programmers for the target environment, including privileged instructions, if any."

Followed.

"The interfacing pragmas (see Annex B) should support interface to assembler; the default assembler should be associated with the convention identifier Assembler."

Followed.

"If an entity is exported to assembly language, then the implementation should allocate it at an addressable location, and should ensure that it is retained by the linking process, even if not otherwise referenced from the Ada code. The implementation should assume that any call to a machine code or assembler subprogram is allowed to read or update every object that is specified as exported."

Followed.


6.44 RM C.1(10-16): Access to Machine Operations

"The implementation should ensure that little or no overhead is associated with calling intrinsic and machine-code subprograms."

Followed for both intrinsics and machine-code subprograms.

"It is recommended that intrinsic subprograms be provided for convenient access to any machine operations that provide special capabilities or efficiency and that are not otherwise available through the language constructs."

Followed. A full set of machine operation intrinsic subprograms is provided.

"Atomic read-modify-write operations—e.g., test and set, compare and swap, decrement and test, enqueue/dequeue."

Followed on any target supporting such operations.

"Standard numeric functions—e.g.:, sin, log."

Followed on any target supporting such operations.

"String manipulation operations—e.g.:, translate and test."

Followed on any target supporting such operations.

"Vector operations—e.g.:, compare vector against thresholds."

Followed on any target supporting such operations.

"Direct operations on I/O ports."

Followed on any target supporting such operations.


6.45 RM C.3(28): Interrupt Support

"If the Ceiling_Locking policy is not in effect, the implementation should provide means for the application to specify which interrupts are to be blocked during protected actions, if the underlying system allows for a finer-grain control of interrupt blocking."

Followed. The underlying system does not allow for finer-grain control of interrupt blocking.


6.46 RM C.3.1(20-21): Protected Procedure Handlers

"Whenever possible, the implementation should allow interrupt handlers to be called directly by the hardware."

Followed on any target where the underlying operating system permits such direct calls.

"Whenever practical, violations of any implementation-defined restrictions should be detected before run time."

Followed. Compile time warnings are given when possible.


6.47 RM C.3.2(25): Package Interrupts

"If implementation-defined forms of interrupt handler procedures are supported, such as protected procedures with parameters, then for each such form of a handler, a type analogous to Parameterless_Handler should be specified in a child package of Interrupts, with the same operations as in the predefined package Interrupts."

Followed.


6.48 RM C.4(14): Pre-elaboration Requirements

"It is recommended that pre-elaborated packages be implemented in such a way that there should be little or no code executed at run time for the elaboration of entities not already covered by the Implementation Requirements."

Followed. Executable code is generated in some cases, e.g., loops to initialize large arrays.


6.49 RM C.5(8): Pragma Discard_Names

"If the pragma applies to an entity, then the implementation should reduce the amount of storage used for storing names associated with that entity."

Followed.


6.50 RM C.7.2(30): The Package Task_Attributes

"Some implementations are targeted to domains in which memory use at run time must be completely deterministic. For such implementations, it is recommended that the storage for task attributes will be pre-allocated statically and not from the heap. This can be accomplished by either placing restrictions on the number and the size of the task’s attributes, or by using the pre-allocated storage for the first N attribute objects, and the heap for the others. In the latter case, N should be documented."

Not followed. This implementation is not targeted to such a domain.


6.51 RM D.3(17): Locking Policies

"The implementation should use names that end with _Locking for locking policies defined by the implementation."

Followed. Two implementation-defined locking policies are defined, whose names (Inheritance_Locking and Concurrent_Readers_Locking) follow this suggestion.


6.52 RM D.4(16): Entry Queuing Policies

"Names that end with _Queuing should be used for all implementation-defined queuing policies."

Followed. No such implementation-defined queuing policies exist.


6.53 RM D.6(9-10): Preemptive Abort

"Even though the `abort_statement' is included in the list of potentially blocking operations (see 9.5.1), it is recommended that this statement be implemented in a way that never requires the task executing the `abort_statement' to block."

Followed.

"On a multi-processor, the delay associated with aborting a task on another processor should be bounded; the implementation should use periodic polling, if necessary, to achieve this."

Followed.


6.54 RM D.7(21): Tasking Restrictions

"When feasible, the implementation should take advantage of the specified restrictions to produce a more efficient implementation."

GNAT currently takes advantage of these restrictions by providing an optimized run time when the Ravenscar profile and the GNAT restricted run time set of restrictions are specified. See pragma Profile (Ravenscar) and pragma Profile (Restricted) for more details.


6.55 RM D.8(47-49): Monotonic Time

"When appropriate, implementations should provide configuration mechanisms to change the value of Tick."

Such configuration mechanisms are not appropriate to this implementation and are thus not supported.

"It is recommended that Calendar.Clock and Real_Time.Clock be implemented as transformations of the same time base."

Followed.

"It is recommended that the best time base which exists in the underlying system be available to the application through Clock. Best may mean highest accuracy or largest range."

Followed.


6.56 RM E.5(28-29): Partition Communication Subsystem

"Whenever possible, the PCS on the called partition should allow for multiple tasks to call the RPC-receiver with different messages and should allow them to block until the corresponding subprogram body returns."

Followed by GLADE, a separately supplied PCS that can be used with GNAT.

"The Write operation on a stream of type Params_Stream_Type should raise Storage_Error if it runs out of space trying to write the Item into the stream."

Followed by GLADE, a separately supplied PCS that can be used with GNAT.


6.57 RM F(7): COBOL Support

"If COBOL (respectively, C) is widely supported in the target environment, implementations supporting the Information Systems Annex should provide the child package Interfaces.COBOL (respectively, Interfaces.C) specified in Annex B and should support a convention_identifier of COBOL (respectively, C) in the interfacing pragmas (see Annex B), thus allowing Ada programs to interface with programs written in that language."

Followed.


6.58 RM F.1(2): Decimal Radix Support

"Packed decimal should be used as the internal representation for objects of subtype S when S’Machine_Radix = 10."

Not followed. GNAT ignores S’Machine_Radix and always uses binary representations.


6.59 RM G: Numerics

"If Fortran (respectively, C) is widely supported in the target environment, implementations supporting the Numerics Annex should provide the child package Interfaces.Fortran (respectively, Interfaces.C) specified in Annex B and should support a convention_identifier of Fortran (respectively, C) in the interfacing pragmas (see Annex B), thus allowing Ada programs to interface with programs written in that language."

Followed.


6.60 RM G.1.1(56-58): Complex Types

"Because the usual mathematical meaning of multiplication of a complex operand and a real operand is that of the scaling of both components of the former by the latter, an implementation should not perform this operation by first promoting the real operand to complex type and then performing a full complex multiplication. In systems that, in the future, support an Ada binding to IEC 559:1989, the latter technique will not generate the required result when one of the components of the complex operand is infinite. (Explicit multiplication of the infinite component by the zero component obtained during promotion yields a NaN that propagates into the final result.) Analogous advice applies in the case of multiplication of a complex operand and a pure-imaginary operand, and in the case of division of a complex operand by a real or pure-imaginary operand."

Not followed.

"Similarly, because the usual mathematical meaning of addition of a complex operand and a real operand is that the imaginary operand remains unchanged, an implementation should not perform this operation by first promoting the real operand to complex type and then performing a full complex addition. In implementations in which the Signed_Zeros attribute of the component type is True (and which therefore conform to IEC 559:1989 in regard to the handling of the sign of zero in predefined arithmetic operations), the latter technique will not generate the required result when the imaginary component of the complex operand is a negatively signed zero. (Explicit addition of the negative zero to the zero obtained during promotion yields a positive zero.) Analogous advice applies in the case of addition of a complex operand and a pure-imaginary operand, and in the case of subtraction of a complex operand and a real or pure-imaginary operand."

Not followed.

"Implementations in which Real'Signed_Zeros is True should attempt to provide a rational treatment of the signs of zero results and result components. As one example, the result of the Argument function should have the sign of the imaginary component of the parameter X when the point represented by that parameter lies on the positive real axis; as another, the sign of the imaginary component of the Compose_From_Polar function should be the same as (respectively, the opposite of) that of the Argument parameter when that parameter has a value of zero and the Modulus parameter has a nonnegative (respectively, negative) value."

Followed.


6.61 RM G.1.2(49): Complex Elementary Functions

"Implementations in which Complex_Types.Real'Signed_Zeros is True should attempt to provide a rational treatment of the signs of zero results and result components. For example, many of the complex elementary functions have components that are odd functions of one of the parameter components; in these cases, the result component should have the sign of the parameter component at the origin. Other complex elementary functions have zero components whose sign is opposite that of a parameter component at the origin, or is always positive or always negative."

Followed.


6.62 RM G.2.4(19): Accuracy Requirements

"The versions of the forward trigonometric functions without a Cycle parameter should not be implemented by calling the corresponding version with a Cycle parameter of 2.0*Numerics.Pi, since this will not provide the required accuracy in some portions of the domain. For the same reason, the version of Log without a Base parameter should not be implemented by calling the corresponding version with a Base parameter of Numerics.e."

Followed.


6.63 RM G.2.6(15): Complex Arithmetic Accuracy

"The version of the Compose_From_Polar function without a Cycle parameter should not be implemented by calling the corresponding version with a Cycle parameter of 2.0*Numerics.Pi, since this will not provide the required accuracy in some portions of the domain."

Followed.


6.64 RM H.6(15/2): Pragma Partition_Elaboration_Policy

"If the partition elaboration policy is Sequential and the Environment task becomes permanently blocked during elaboration then the partition is deadlocked and it is recommended that the partition be immediately terminated."

Not followed.


7 Implementation Defined Characteristics

In addition to the implementation dependent pragmas and attributes, and the implementation advice, there are a number of other Ada features that are potentially implementation dependent and are designated as implementation-defined. These are mentioned throughout the Ada Reference Manual, and are summarized in Annex M.

A requirement for conforming Ada compilers is that they provide documentation describing how the implementation deals with each of these issues. In this chapter you will find each point in Annex M listed, followed by a description of how GNAT handles the implementation dependence.

You can use this chapter as a guide to minimizing implementation dependent features in your programs if portability to other compilers and other operating systems is an important consideration. The numbers in each entry below correspond to the paragraph numbers in the Ada Reference Manual.

See Implementation Advice.

The complexity of programs that can be processed is limited only by the total amount of available virtual memory, and disk space for the generated object files.

There are no variations from the standard.

Any `code_statement' can potentially cause external interactions.

See separate section on source representation.

See separate section on source representation.

See separate section on source representation.

The maximum line length is 255 characters and the maximum length of a lexical element is also 255 characters. This is the default setting if not overridden by the use of compiler switch `-gnaty' (which sets the maximum to 79) or `-gnatyMnn' which allows the maximum line length to be specified to be any value up to 32767. The maximum length of a lexical element is the same as the maximum line length.

See Implementation Defined Pragmas.

Pragma Optimize, if given with a Time or Space parameter, checks that the optimization flag is set, and aborts if it is not.

The sequence of characters is as defined by the wide character encoding method used for the source. See section on source representation for further details.

TypeRepresentation
`Short_Short_Integer'8-bit signed
`Short_Integer'16-bit signed
`Integer'32-bit signed
`Long_Integer'64-bit signed (on most 64-bit targets, depending on the C definition of long) 32-bit signed (on all other targets)
`Long_Long_Integer'64-bit signed
`Long_Long_Long_Integer'128-bit signed (on 64-bit targets) 64-bit signed (on 32-bit targets)

There are no nonstandard integer types.

There are no nonstandard real types.

The precision and range is as defined by the IEEE standard.

TypeRepresentation
`Short_Float'32 bit IEEE short
`Float'(Short) 32 bit IEEE short
`Long_Float'64 bit IEEE long
`Long_Long_Float'64 bit IEEE long (80 bit IEEE long on x86 processors)

The small is the largest power of two that does not exceed the delta.

For an ordinary fixed point type, on 32-bit platforms, the small must lie in 2.0**(-80) .. 2.0**80 and the range in -9.0E+36 .. 9.0E+36; any combination is permitted that does not result in a mantissa larger than 63 bits.

On 64-bit platforms, the small must lie in 2.0**(-127) .. 2.0**127 and the range in -1.0E+76 .. 1.0E+76; any combination is permitted that does not result in a mantissa larger than 63 bits, and any combination is permitted that results in a mantissa between 64 and 127 bits if the small is the ratio of two integers that lie in 1 .. 2.0**127.

If the small is the ratio of two integers with 64-bit magnitude on 32-bit platforms and 128-bit magnitude on 64-bit platforms, which is the case if no small clause is provided, then the operations of the fixed point type are entirely implemented by means of integer instructions. In the other cases, some operations, in particular input and output, may be implemented by means of floating-point instructions and may be affected by accuracy issues on architectures other than x86.

For a decimal fixed point type, on 32-bit platforms, the small must lie in 1.0E-18 .. 1.0E+18 and the digits in 1 .. 18. On 64-bit platforms, the small must lie in 1.0E-38 .. 1.0E+38 and the digits in 1 .. 38.

Block numbers of the form B`nnn', where `nnn' is a decimal integer are allocated.

See Implementation Defined Attributes.

There are no implementation-defined time types.

See 9.6(20). The time base used is that provided by the C library function gettimeofday.

The time base used is that provided by the C library function gettimeofday.

The time zone used by package Calendar is the current system time zone setting for local time, as accessed by the C library function localtime.

There are no such limits.

Separate components are independently addressable if they do not share overlapping storage units.

A compilation is represented by a sequence of files presented to the compiler in a single invocation of the `gcc' command.

No single file can contain more than one compilation unit, but any sequence of files can be presented to the compiler as a single compilation.

See separate section on compilation model.

If a unit contains an Ada main program, then the Ada units for the partition are determined by recursive application of the rules in the Ada Reference Manual section 10.2(2-6). In other words, the Ada units will be those that are needed by the main program, and then this definition of need is applied recursively to those units, and the partition contains the transitive closure determined by this relationship. In short, all the necessary units are included, with no need to explicitly specify the list. If additional units are required, e.g., by foreign language units, then all units must be mentioned in the context clause of one of the needed Ada units.

If the partition contains no main program, or if the main program is in a language other than Ada, then GNAT provides the binder options `-z' and `-n' respectively, and in this case a list of units can be explicitly supplied to the binder for inclusion in the partition (all units needed by these units will also be included automatically). For full details on the use of these options, refer to `GNAT Make Program gnatmake' in the GNAT User’s Guide.

The units needed by a given compilation unit are as defined in the Ada Reference Manual section 10.2(2-6). There are no implementation-defined pragmas or other implementation-defined means for specifying needed units.

The main program is designated by providing the name of the corresponding ALI file as the input parameter to the binder.

The first constraint on ordering is that it meets the requirements of Chapter 10 of the Ada Reference Manual. This still leaves some implementation dependent choices, which are resolved by first elaborating bodies as early as possible (i.e., in preference to specs where there is a choice), and second by evaluating the immediate with clauses of a unit to determine the probably best choice, and third by elaborating in alphabetical order of unit names where a choice still remains.

The main program has no parameters. It may be a procedure, or a function returning an integer type. In the latter case, the returned integer value is the return code of the program (overriding any value that may have been set by a call to Ada.Command_Line.Set_Exit_Status).

GNAT itself supports programs with only a single partition. The GNATDIST tool provided with the GLADE package (which also includes an implementation of the PCS) provides a completely flexible method for building and running programs consisting of multiple partitions. See the separate GLADE manual for details.

See separate section on compilation model.

Passive partitions are supported on targets where shared memory is provided by the operating system. See the GLADE reference manual for further details.

Exception message returns the null string unless a specific message has been passed by the program.

Blocks have implementation defined names of the form B`nnn' where `nnn' is an integer.

Exception_Information returns a string in the following format:

*Exception_Name:* nnnnn
*Message:* mmmmm
*PID:* ppp
*Load address:* 0xhhhh
*Call stack traceback locations:*
0xhhhh 0xhhhh 0xhhhh ... 0xhhh

where

  • * nnnn is the fully qualified name of the exception in all upper case letters. This line is always present.
  • * mmmm is the message (this line present only if message is non-null)
  • * ppp is the Process Id value as a decimal integer (this line is present only if the Process Id is nonzero). Currently we are not making use of this field.
  • * The Load address line, the Call stack traceback locations line and the following values are present only if at least one traceback location was recorded. The Load address indicates the address at which the main executable was loaded; this line may not be present if operating system hasn’t relocated the main executable. The values are given in C style format, with lower case letters for a-f, and only as many digits present as are necessary. The line terminator sequence at the end of each line, including the last line is a single LF character (16#0A#).

The implementation defined check names include Alignment_Check, Atomic_Synchronization, Duplicated_Tag_Check, Container_Checks, Tampering_Check, Predicate_Check, and Validity_Check. In addition, a user program can add implementation-defined check names by means of the pragma Check_Name. See the description of pragma Suppress for full details.

See separate section on data representations.

See separate section on data representations.

Size for an indefinite subtype is the maximum possible size, except that for the case of a subprogram parameter, the size of the parameter object is the actual size.

The default external representation for a type tag is the fully expanded name of the type in upper case letters.

A compilation unit is the same in two different partitions if and only if it derives from the same source file.

The only implementation defined component is the tag for a tagged type, which contains a pointer to the dispatching table.

Word_Size (32) is not the same as Storage_Unit (8) for this implementation, so no non-default bit ordering is supported. The default bit ordering corresponds to the natural endianness of the target architecture.

See the definition of these packages in files system.ads and s-stoele.ads. Note that two declarations are added to package System.

Max_Priority           : constant Positive := Priority'Last;
Max_Interrupt_Priority : constant Positive := Interrupt_Priority'Last;

See the definition and documentation in file s-maccod.ads.

Unchecked conversion between types of the same size results in an uninterpreted transmission of the bits from one type to the other. If the types are of unequal sizes, then in the case of discrete types, a shorter source is first zero or sign extended as necessary, and a shorter target is simply truncated on the left. For all non-discrete types, the source is first copied if necessary to ensure that the alignment requirements of the target are met, then a pointer is constructed to the source value, and the result is obtained by dereferencing this pointer after converting it to be a pointer to the target type. Unchecked conversions where the target subtype is an unconstrained array are not permitted. If the target alignment is greater than the source alignment, then a copy of the result is made with appropriate alignment

For assignments and other operations where the use of invalid values cannot result in erroneous behavior, the compiler ignores the possibility of invalid values. An exception is raised at the point where an invalid value would result in erroneous behavior. For example executing:

procedure invalidvals is
  X : Integer := -1;
  Y : Natural range 1 .. 10;
  for Y'Address use X'Address;
  Z : Natural range 1 .. 10;
  A : array (Natural range 1 .. 10) of Integer;
begin
  Z := Y;     -- no exception
  A (Z) := 3; -- exception raised;
end;

As indicated, an exception is raised on the array assignment, but not on the simple assignment of the invalid negative value from Y to Z.

There are 3 different standard pools used by the compiler when Storage_Pool is not specified depending whether the type is local to a subprogram or defined at the library level and whether Storage_Size``is specified or not. See documentation in the runtime library units ``System.Pool_Global, System.Pool_Size and System.Pool_Local in files s-poosiz.ads, s-pooglo.ads and s-pooloc.ads for full details on the default pools used.

See documentation in the sources of the run time mentioned in the previous paragraph. All these pools are accessible by means of withing these units.

Storage_Size is measured in storage units, and refers to the total space available for an access type collection, or to the primary stack space for a task.

See documentation in the sources of the run time mentioned in the paragraph about standard storage pools above for details on GNAT-defined aspects of storage pools.

See Standard and Implementation Defined Restrictions.

Restrictions that can be checked at compile time result in illegalities if violated. Currently there are no other consequences of violating restrictions.

The representation is the in-memory representation of the base type of the type, using the number of bits corresponding to the type'Size value, and the natural ordering of the machine.

See items describing the integer and floating-point types supported.

Ada.Wide_Characters.Handling.Character_Set_Version returns the string "Unicode 4.0", referring to version 4.0 of the Unicode specification.

The elementary functions correspond to the functions available in the C library. Only fast math mode is implemented.

The sign of zeroes follows the requirements of the IEEE 754 standard on floating-point.

Maximum image width is 6864, see library file s-rannum.ads.

Maximum image width is 6864, see library file s-rannum.ads.

The algorithm is the Mersenne Twister, as documented in the source file s-rannum.adb. This version of the algorithm has a period of 2**19937-1.

The value returned by the Image function is the concatenation of the fixed-width decimal representations of the 624 32-bit integers of the state vector.

The minimum period between reset calls to guarantee distinct series of random numbers is one microsecond.

Run the compiler with `-gnatS' to produce a listing of package Standard, has the values of all numeric attributes.

There are no special implementation defined characteristics for these packages.

All type representations are contiguous, and the Buffer_Size is the value of type'Size rounded up to the next storage unit boundary.

These files are mapped onto the files provided by the C streams libraries. See source file i-cstrea.ads for further details.

If more digits are requested in the output than are represented by the precision of the value, zeroes are output in the corresponding least significant digit positions.

These are mapped onto the argv and argc parameters of the main program in the natural manner.

The Form parameter is not used.

The Form parameter is not used.

The Form parameter is case-insensitive. Two fields are recognized in the Form parameter:

*preserve=<value>*
*mode=<value>*

<value> starts immediately after the character ’=’ and ends with the character immediately preceding the next comma (’,’) or with the last character of the parameter.

The only possible values for preserve= are:

ValueMeaning
`no_attributes'Do not try to preserve any file attributes. This is the default if no preserve= is found in Form.
`all_attributes'Try to preserve all file attributes (timestamps, access rights).
`timestamps'Preserve the timestamp of the copied file, but not the other file attributes.

The only possible values for mode= are:

ValueMeaning
`copy'Only do the copy if the destination file does not already exist. If it already exists, Copy_File fails.
`overwrite'Copy the file in all cases. Overwrite an already existing destination file.
`append'Append the original file to the destination file. If the destination file does not exist, the destination file is a copy of the source file. When mode=append, the field preserve=, if it exists, is not taken into account.

If the Form parameter includes one or both of the fields and the value or values are incorrect, Copy_file fails with Use_Error.

Examples of correct Forms:

Form => "preserve=no_attributes,mode=overwrite" (the default)
Form => "mode=append"
Form => "mode=copy, preserve=all_attributes"

Examples of incorrect Forms:

Form => "preserve=junk"
Form => "mode=internal, preserve=timestamps"

When the Pattern parameter is not the null string, it is interpreted according to the syntax of regular expressions as defined in the GNAT.Regexp package.

See GNAT.Regexp (g-regexp.ads).

The following convention names are supported

Convention NameInterpretation
`Ada'Ada
`Ada_Pass_By_Copy'Allowed for any types except by-reference types such as limited records. Compatible with convention Ada, but causes any parameters with this convention to be passed by copy.
`Ada_Pass_By_Reference'Allowed for any types except by-copy types such as scalars. Compatible with convention Ada, but causes any parameters with this convention to be passed by reference.
`Assembler'Assembly language
`Asm'Synonym for Assembler
`Assembly'Synonym for Assembler
`C'C
`C_Pass_By_Copy'Allowed only for record types, like C, but also notes that record is to be passed by copy rather than reference.
`COBOL'COBOL
`C_Plus_Plus (or CPP)'C++
`Default'Treated the same as C
`External'Treated the same as C
`Fortran'Fortran
`Intrinsic'For support of pragma Import with convention Intrinsic, see separate section on Intrinsic Subprograms.
`Stdcall'Stdcall (used for Windows implementations only). This convention correspond to the WINAPI (previously called Pascal convention) C/C++ convention under Windows. A routine with this convention cleans the stack before exit. This pragma cannot be applied to a dispatching call.
`DLL'Synonym for Stdcall
`Win32'Synonym for Stdcall
`Stubbed'Stubbed is a special convention used to indicate that the body of the subprogram will be entirely ignored. Any call to the subprogram is converted into a raise of the Program_Error exception. If a pragma Import specifies convention stubbed then no body need be present at all. This convention is useful during development for the inclusion of subprograms whose body has not yet been written. In addition, all otherwise unrecognized convention names are also treated as being synonymous with convention C. In all implementations, use of such other names results in a warning.

Link names are the actual names used by the linker.

The default linker name is that which would be assigned by the relevant external language, interpreting the Ada name as being in all lower case letters.

The string passed to Linker_Options is presented uninterpreted as an argument to the link command, unless it contains ASCII.NUL characters. NUL characters if they appear act as argument separators, so for example

pragma Linker_Options ("-labc" & ASCII.NUL & "-ldef");

causes two separate arguments -labc and -ldef to be passed to the linker. The order of linker options is preserved for a given unit. The final list of options passed to the linker is in reverse order of the elaboration order. For example, linker options for a body always appear before the options from the corresponding package spec.

See files with prefix i- in the distributed library.

See files with prefix i- in the distributed library.

COBOLAda
`Floating'Float
`Long_Floating'(Floating) Long_Float
`Binary'Integer
`Long_Binary'Long_Long_Integer
`Decimal_Element'Character
`COBOL_Character'Character

For initialization, see the file i-cobol.ads in the distributed library.

See documentation in file s-maccod.ads in the distributed library.

See documentation in file s-maccod.ads in the distributed library.

Interrupts are mapped to signals or conditions as appropriate. See definition of unit Ada.Interrupt_Names in source file a-intnam.ads for details on the interrupts supported on a particular target.

GNAT does not permit a partition to be restarted without reloading, except under control of the debugger.

Pragma Discard_Names causes names of enumeration literals to be suppressed. In the presence of this pragma, the Image attribute provides the image of the Pos of the literal, and Value accepts Pos values.

For tagged types, when pragmas Discard_Names and No_Tagged_Streams simultaneously apply, their Expanded_Name and External_Tag are initialized with empty strings. This is useful to avoid exposing entity names at binary level.

The result of this attribute is a string that identifies the object or component that denotes a given task. If a variable Var has a task type, the image for this task will have the form Var_`XXXXXXXX', where the suffix `XXXXXXXX' is the hexadecimal representation of the virtual address of the corresponding task control block. If the variable is an array of tasks, the image of each task will have the form of an indexed component indicating the position of a given task in the array, e.g., Group(5)_`XXXXXXX'. If the task is a component of a record, the image of the task will have the form of a selected component. These rules are fully recursive, so that the image of a task that is a subcomponent of a composite object corresponds to the expression that designates this task.

If a task is created by an allocator, its image depends on the context. If the allocator is part of an object declaration, the rules described above are used to construct its image, and this image is not affected by subsequent assignments. If the allocator appears within an expression, the image includes only the name of the task type.

If the configuration pragma Discard_Names is present, or if the restriction No_Implicit_Heap_Allocation is in effect, the image reduces to the numeric suffix, that is to say the hexadecimal representation of the virtual address of the control block of the task.

Protected entries or interrupt handlers can be executed by any convenient thread, so the value of Current_Task is undefined.

When GNAT can determine statically that Current_Task is called directly in the body of an entry (or barrier) then a warning is emitted and Program_Error is raised at run time. Otherwise, the effect of calling Current_Task from an entry body or interrupt handler is to return the identification of the task currently executing the code.

There are no implementation-defined aspects of Task_Attributes.

The metrics information for GNAT depends on the performance of the underlying operating system. The sources of the run-time for tasking implementation, together with the output from `-gnatG' can be used to determine the exact sequence of operating systems calls made to implement various tasking constructs. Together with appropriate information on the performance of the underlying operating system, on the exact target in use, this information can be used to determine the required metrics.

See declarations in file system.ads.

There are no implementation-defined execution resources.

On a multi-processor, a task that is waiting for access to a protected object does not keep its processor busy.

Tasks map to threads in the threads package used by GNAT. Where possible and appropriate, these threads correspond to native threads of the underlying operating system.

There are no implementation-defined policy-identifiers allowed in this pragma.

Execution of a task cannot be preempted by the implementation processing of delay expirations for lower priority tasks.

The policy is the same as that of the underlying threads implementation.

The two implementation defined policies permitted in GNAT are Inheritance_Locking and Concurrent_Readers_Locking. On targets that support the Inheritance_Locking policy, locking is implemented by inheritance, i.e., the task owning the lock operates at a priority equal to the highest priority of any task currently requesting the lock. On targets that support the Concurrent_Readers_Locking policy, locking is implemented with a read/write lock allowing multiple protected object functions to enter concurrently.

The ceiling priority of protected objects of the type System.Interrupt_Priority'Last as described in the Ada Reference Manual D.3(10),

The ceiling priority of internal protected objects is System.Priority'Last.

There are no implementation-defined queuing policies.

The semantics for abort on a multi-processor is the same as on a single processor, there are no further delays.

The only operation that implicitly requires heap storage allocation is task creation.

Execution is erroneous in that case.

There are no such implementation-defined aspects.

There are no implementation defined aspects of package Real_Time.

Any difference greater than one microsecond will cause the task to be delayed (see D.9(7)).

The upper bound is determined by the underlying operating system. In no cases is it more than 10 milliseconds.

The GLADE package provides a utility GNATDIST for creating and executing distributed programs. See the GLADE reference manual for further details.

See the GLADE reference manual for full details on such events.

See the GLADE reference manual for full details on these aspects of multi-partition execution.

Editing the source file of a compilation unit, or the source files of any units on which it is dependent in a significant way cause the version to change. No other actions cause the version number to change. All changes are significant except those which affect only layout, capitalization or comments.

See the GLADE reference manual for details on the effect of abort in a distributed application.

See the GLADE reference manual for a full description of all implementation defined aspects of the PCS.

See the GLADE reference manual for a full description of all implementation defined interfaces.

Named NumberValue
`Max_Scale'+18
`Min_Scale'-18
`Min_Delta'1.0E-18
`Max_Delta'1.0E+18
`Max_Decimal_Digits'18

64

64

Standard library functions are used for the complex arithmetic operations. Only fast math mode is currently supported.

The signs of zero values are as recommended by the