From 2da1e954890d73062eb9011a9ec796520e1fba22 Mon Sep 17 00:00:00 2001 From: Johannes Kanig Date: Tue, 26 Apr 2022 10:05:03 +0900 Subject: [PATCH] Use S63 type instead of U64 type to store field values --- defaults.gpr | 2 +- examples/apps/ping/src/generic_checksum.adb | 4 +- rflx/generator/common.py | 18 +- rflx/generator/const.py | 1 + rflx/generator/generator.py | 56 ++- rflx/generator/message.py | 24 +- rflx/generator/parser.py | 4 +- rflx/generator/serializer.py | 21 +- rflx/templates/rflx_arithmetic.ads | 2 + .../rflx_builtin_types-conversions.ads | 26 + rflx/templates/rflx_generic_types.adb | 30 ++ rflx/templates/rflx_generic_types.ads | 55 ++- rflx/templates/rflx_scalar_sequence.adb | 6 +- rflx/templates/rflx_scalar_sequence.ads | 16 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../messages/generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-test-message.adb | 4 +- .../generated/rflx-test-message.ads | 16 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-test-message.adb | 8 +- .../generated/rflx-test-message.ads | 36 +- .../generated/rflx-test.ads | 10 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-messages-msg.adb | 17 +- .../generated/rflx-messages-msg.ads | 20 +- .../generated/rflx-messages-msg_le.adb | 17 +- .../generated/rflx-messages-msg_le.ads | 20 +- .../generated/rflx-messages-msg_le_nested.adb | 19 +- .../generated/rflx-messages-msg_le_nested.ads | 22 +- .../generated/rflx-messages.ads | 16 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-test-definite_message.adb | 19 +- .../generated/rflx-test-definite_message.ads | 20 +- .../session_functions/generated/rflx-test.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-tlv-message.adb | 25 +- .../generated/rflx-tlv-message.ads | 44 +- .../generated/rflx-tlv-tags.ads | 2 +- .../generated/rflx-tlv.ads | 16 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../generated/rflx-universal-message.adb | 95 ++-- .../generated/rflx-universal-message.ads | 158 +++--- .../generated/rflx-universal-option.adb | 25 +- .../generated/rflx-universal-option.ads | 44 +- .../generated/rflx-universal-option_types.ads | 2 +- .../generated/rflx-universal-values.ads | 2 +- .../generated/rflx-universal.ads | 36 +- .../generated/rflx-derivation-message.adb | 25 +- .../generated/rflx-derivation-message.ads | 44 +- .../generated/rflx-enumeration-message.adb | 17 +- .../generated/rflx-enumeration-message.ads | 18 +- tests/spark/generated/rflx-enumeration.ads | 14 +- tests/spark/generated/rflx-ethernet-frame.adb | 29 +- tests/spark/generated/rflx-ethernet-frame.ads | 56 +-- tests/spark/generated/rflx-ethernet.ads | 34 +- .../generated/rflx-expression-message.adb | 2 +- .../generated/rflx-expression-message.ads | 16 +- .../rflx-fixed_size-simple_message.adb | 35 +- .../rflx-fixed_size-simple_message.ads | 48 +- tests/spark/generated/rflx-icmp-message.adb | 207 ++++---- tests/spark/generated/rflx-icmp-message.ads | 450 +++++++++--------- tests/spark/generated/rflx-icmp.ads | 98 ++-- tests/spark/generated/rflx-ipv4-option.adb | 47 +- tests/spark/generated/rflx-ipv4-option.ads | 82 ++-- tests/spark/generated/rflx-ipv4-packet.adb | 55 +-- tests/spark/generated/rflx-ipv4-packet.ads | 100 ++-- tests/spark/generated/rflx-ipv4.ads | 116 ++--- .../spark/generated/rflx-rflx_arithmetic.ads | 2 + .../rflx-rflx_builtin_types-conversions.ads | 26 + .../generated/rflx-rflx_generic_types.adb | 30 ++ .../generated/rflx-rflx_generic_types.ads | 55 ++- .../generated/rflx-rflx_scalar_sequence.adb | 6 +- .../generated/rflx-rflx_scalar_sequence.ads | 16 +- .../rflx-sequence-av_enumeration_vector.ads | 2 +- .../rflx-sequence-enumeration_vector.ads | 2 +- .../generated/rflx-sequence-inner_message.adb | 15 +- .../generated/rflx-sequence-inner_message.ads | 18 +- .../spark/generated/rflx-sequence-message.adb | 15 +- .../spark/generated/rflx-sequence-message.ads | 18 +- .../rflx-sequence-messages_message.adb | 15 +- .../rflx-sequence-messages_message.ads | 18 +- .../rflx-sequence-modular_vector.ads | 2 +- .../generated/rflx-sequence-range_vector.ads | 2 +- ...-sequence_size_defined_by_message_size.adb | 15 +- ...-sequence_size_defined_by_message_size.ads | 18 +- tests/spark/generated/rflx-sequence.ads | 44 +- tests/spark/generated/rflx-tlv-message.adb | 25 +- tests/spark/generated/rflx-tlv-message.ads | 44 +- tests/spark/generated/rflx-tlv.ads | 16 +- tests/spark/generated/rflx-udp-datagram.adb | 21 +- tests/spark/generated/rflx-udp-datagram.ads | 24 +- tests/spark/generated/rflx-udp.ads | 26 +- tests/spark/generated/rflx-universal.ads | 14 +- tests/spark/rflx-builtin_types_tests.adb | 312 ++++++------ tests/spark/rflx-derivation_tests.adb | 4 +- tests/spark/rflx-tlv_tests.adb | 4 +- tests/spark/test.gpr | 2 +- tests/unit/generator_test.py | 18 +- 329 files changed, 7267 insertions(+), 4656 deletions(-) diff --git a/defaults.gpr b/defaults.gpr index d3ae8893f..db89ecea6 100644 --- a/defaults.gpr +++ b/defaults.gpr @@ -58,7 +58,7 @@ abstract project Defaults is Proof_Switches := ( - "--prover=z3,cvc4,altergo", + "--prover=z3,cvc4,colibri", "--steps=0", "--timeout=180", "--memlimit=1000", diff --git a/examples/apps/ping/src/generic_checksum.adb b/examples/apps/ping/src/generic_checksum.adb index 425cc1d6e..16d8032f6 100644 --- a/examples/apps/ping/src/generic_checksum.adb +++ b/examples/apps/ping/src/generic_checksum.adb @@ -20,8 +20,8 @@ is is use type ICMP.Checksum; use type Types.Index; - Checksum : ICMP.Checksum := Shift_Left (ICMP.Checksum (ICMP.To_U64 (Tag))) - + ICMP.Checksum (ICMP.To_U64 (Code)); + Checksum : ICMP.Checksum := Shift_Left (ICMP.Checksum (ICMP.To_S63 (Tag))) + + ICMP.Checksum (ICMP.To_S63 (Code)); Index : Types.Index; begin Checksum := Add (Checksum, Add (ICMP.Checksum (Identifier), ICMP.Checksum (Sequence_Number))); diff --git a/rflx/generator/common.py b/rflx/generator/common.py index ea87cfb07..a3de27e7c 100644 --- a/rflx/generator/common.py +++ b/rflx/generator/common.py @@ -59,7 +59,7 @@ def substitution( prefix: str, embedded: bool = False, public: bool = False, - target_type: Optional[ID] = const.TYPES_U64, + target_type: Optional[ID] = const.TYPES_S63, ) -> Callable[[expr.Expr], expr.Expr]: facts = substitution_facts(message, prefix, embedded, public, target_type) @@ -145,7 +145,7 @@ def byte_aggregate(aggregate: expr.Aggregate) -> expr.Aggregate: other = expression.left if boolean_literal and other: return expression.__class__( - other, type_conversion(expr.Call("To_U64", [boolean_literal])) + other, type_conversion(expr.Call("To_S63", [boolean_literal])) ) def field_value(field: model.Field) -> expr.Expr: @@ -187,7 +187,7 @@ def substitution_facts( prefix: str, embedded: bool = False, public: bool = False, - target_type: Optional[ID] = const.TYPES_U64, + target_type: Optional[ID] = const.TYPES_S63, ) -> Mapping[expr.Name, expr.Expr]: def prefixed(name: str) -> expr.Expr: return expr.Variable(rid.ID("Ctx") * name) if not embedded else expr.Variable(name) @@ -226,8 +226,8 @@ def field_size(field: model.Field) -> expr.Expr: def parameter_value(parameter: model.Field, parameter_type: model.Type) -> expr.Expr: if isinstance(parameter_type, model.Enumeration): if embedded: - return expr.Call("To_U64", [expr.Variable(parameter.name)]) - return expr.Call("To_U64", [expr.Variable("Ctx" * parameter.identifier)]) + return expr.Call("To_S63", [expr.Variable(parameter.name)]) + return expr.Call("To_S63", [expr.Variable("Ctx" * parameter.identifier)]) if isinstance(parameter_type, model.Scalar): if embedded: return expr.Variable(parameter.name) @@ -238,7 +238,7 @@ def parameter_value(parameter: model.Field, parameter_type: model.Type) -> expr. def field_value(field: model.Field, field_type: model.Type) -> expr.Expr: if isinstance(field_type, model.Enumeration): if public: - return expr.Call("To_U64", [expr.Call(f"Get_{field.name}", [expr.Variable("Ctx")])]) + return expr.Call("To_S63", [expr.Call(f"Get_{field.name}", [expr.Variable("Ctx")])]) return expr.Selected( expr.Indexed(cursors, expr.Variable(field.affixed_name)), "Value", @@ -274,14 +274,14 @@ def type_conversion(expression: expr.Expr) -> expr.Expr: for f, t in message.field_types.items() }, **{ - expr.Variable(l): type_conversion(expr.Call("To_U64", [expr.Variable(l)])) + expr.Variable(l): type_conversion(expr.Call("To_S63", [expr.Variable(l)])) for t in message.types.values() if isinstance(t, model.Enumeration) and t != model.BOOLEAN for l in t.literals.keys() }, **{ expr.Variable(t.package * l): type_conversion( - expr.Call("To_U64", [expr.Variable(prefix * t.package * l)]) + expr.Call("To_S63", [expr.Variable(prefix * t.package * l)]) ) for t in message.types.values() if isinstance(t, model.Enumeration) and t != model.BOOLEAN @@ -930,7 +930,7 @@ def create_sequence_instantiation( str(element_type.size), prefix * element_type_package * f"Valid_{element_type.name}", prefix * element_type_package * "To_Actual", - prefix * element_type_package * "To_U64", + prefix * element_type_package * "To_S63", ], ) else: diff --git a/rflx/generator/const.py b/rflx/generator/const.py index 2c9540a6f..205722212 100644 --- a/rflx/generator/const.py +++ b/rflx/generator/const.py @@ -49,6 +49,7 @@ TYPES_TO_LAST_BIT_INDEX = TYPES * "To_Last_Bit_Index" TYPES_OFFSET = TYPES * "Offset" TYPES_U64 = TYPES * "U64" +TYPES_S63 = TYPES * "S63" TYPES_BYTE_ORDER = TYPES * "Byte_Order" TYPES_HIGH_ORDER_FIRST = TYPES * "High_Order_First" TYPES_LOW_ORDER_FIRST = TYPES * "Low_Order_First" diff --git a/rflx/generator/generator.py b/rflx/generator/generator.py index 9956be50e..3ec6c6472 100644 --- a/rflx/generator/generator.py +++ b/rflx/generator/generator.py @@ -663,11 +663,10 @@ def __integer_functions(self, integer: Integer) -> UnitPart: ] ) else: - specification.append(UseTypeClause(self.__prefix * const.TYPES_U64)) + specification.append(UseTypeClause(self.__prefix * const.TYPES_S63)) + + specification += self.__type_validation_functions(integer.name, "Val", constraints.ada_expr()) - specification.append( - self.__type_validation_function(integer.name, "Val", constraints.ada_expr()) - ) if constraints == expr.TRUE: specification.extend( @@ -702,15 +701,13 @@ def __enumeration_functions(self, enum: Enumeration) -> UnitPart: ) if validation_expression != TRUE: - specification.append(UseTypeClause(self.__prefix * const.TYPES_U64)) + specification.append(UseTypeClause(self.__prefix * const.TYPES_S63)) - specification.append( - self.__type_validation_function( + specification += self.__type_validation_functions( enum.name, "Val" if validation_expression != TRUE else "Unused_Val", validation_expression, ) - ) if enum.always_valid: specification.append( @@ -736,8 +733,8 @@ def __enumeration_functions(self, enum: Enumeration) -> UnitPart: specification.append( ExpressionFunctionDeclaration( FunctionSpecification( - "To_U64", - self.__prefix * const.TYPES_U64, + "To_S63", + self.__prefix * const.TYPES_S63, [ Parameter( ["Enum"], @@ -760,7 +757,7 @@ def __enumeration_functions(self, enum: Enumeration) -> UnitPart: conversion_function = FunctionSpecification( "To_Actual", self.__prefix * ID(enum.identifier), - [Parameter(["Val"], self.__prefix * const.TYPES_U64)], + [Parameter(["Val"], self.__prefix * const.TYPES_S63)], ) precondition = Precondition(Call(f"Valid_{enum.name}", [Variable("Val")])) conversion_cases: ty.List[ty.Tuple[Expr, Expr]] = [] @@ -794,17 +791,16 @@ def __enumeration_functions(self, enum: Enumeration) -> UnitPart: specification.append( ExpressionFunctionDeclaration( FunctionSpecification( - "To_U64", - self.__prefix * const.TYPES_U64, + "To_S63", + self.__prefix * const.TYPES_S63, [Parameter(["Val"], self.__prefix * ID(enum.identifier))], ), If( - [(Variable("Val.Known"), Call("To_U64", [Variable("Val.Enum")]))], + [(Variable("Val.Known"), Call("To_S63", [Variable("Val.Enum")]))], Variable("Val.Raw"), ), ) ) - else: conversion_cases.extend( [ @@ -1233,33 +1229,35 @@ def __license_header(self) -> str: ) ) - def __type_validation_function( + def __type_validation_functions( self, type_name: str, enum_value: str, validation_expression: Expr - ) -> Subprogram: - return ExpressionFunctionDeclaration( - FunctionSpecification( - f"Valid_{type_name}", - "Boolean", - [Parameter([enum_value], self.__prefix * const.TYPES_U64)], + ) -> Sequence[Subprogram]: + return [ + ExpressionFunctionDeclaration( + FunctionSpecification( + f"Valid_{type_name}", + "Boolean", + [Parameter([enum_value], self.__prefix * const.TYPES_S63)], + ), + validation_expression, ), - validation_expression, - ) + ] def __integer_conversion_functions(self, integer: Integer) -> ty.Sequence[Subprogram]: return [ ExpressionFunctionDeclaration( FunctionSpecification( - "To_U64", - self.__prefix * const.TYPES_U64, + "To_S63", + self.__prefix * const.TYPES_S63, [Parameter(["Val"], self.__prefix * ID(integer.identifier))], ), - Call(self.__prefix * const.TYPES_U64, [Variable("Val")]), + Call(self.__prefix * const.TYPES_S63, [Variable("Val")]), ), ExpressionFunctionDeclaration( FunctionSpecification( "To_Actual", self.__prefix * ID(integer.identifier), - [Parameter(["Val"], self.__prefix * const.TYPES_U64)], + [Parameter(["Val"], self.__prefix * const.TYPES_S63)], ), Call(self.__prefix * ID(integer.identifier), [Variable("Val")]), [Precondition(Call(f"Valid_{integer.name}", [Variable("Val")]))], @@ -1371,7 +1369,7 @@ def enumeration_types(enum: Enumeration) -> ty.List[Declaration]: "Known", [ Variant([TRUE], [Component("Enum", common.enum_name(enum))]), - Variant([FALSE], [Component("Raw", const.TYPES_U64)]), + Variant([FALSE], [Component("Raw", const.TYPES_S63)]), ], ), ) diff --git a/rflx/generator/message.py b/rflx/generator/message.py index 3e14d005f..f4f8421c2 100644 --- a/rflx/generator/message.py +++ b/rflx/generator/message.py @@ -111,13 +111,13 @@ def create_use_type_clause(composite_fields: ty.Sequence[Field], offset: bool) - [ Pragma( "Warnings", - [Variable("Off"), String('use clause for type "U64" * has no effect')], + [Variable("Off"), String('use clause for type "S63" * has no effect')], ), Pragma( "Warnings", [ Variable("Off"), - String('"U64" is already use-visible through previous use_type_clause'), + String('"S63" is already use-visible through previous use_type_clause'), ], ), Pragma( @@ -135,7 +135,7 @@ def create_use_type_clause(composite_fields: ty.Sequence[Field], offset: bool) - const.TYPES_LENGTH, const.TYPES_INDEX, const.TYPES_BIT_INDEX, - const.TYPES_U64, + const.TYPES_S63, *([const.TYPES_OFFSET] if offset else []), ] ], @@ -150,12 +150,12 @@ def create_use_type_clause(composite_fields: ty.Sequence[Field], offset: bool) - "Warnings", [ Variable("On"), - String('"U64" is already use-visible through previous use_type_clause'), + String('"S63" is already use-visible through previous use_type_clause'), ], ), Pragma( "Warnings", - [Variable("On"), String('use clause for type "U64" * has no effect')], + [Variable("On"), String('use clause for type "S63" * has no effect')], ), ] ) @@ -234,7 +234,7 @@ def create_cursor_type() -> UnitPart: ), Component( "Value", - const.TYPES_U64, + const.TYPES_S63, Number(0), ), ], @@ -1296,7 +1296,7 @@ def create_valid_value_function( "Boolean", [ Parameter(["Fld" if scalar_fields else "Unused_Fld"], "Field"), - Parameter(["Val" if scalar_fields else "Unused_Val"], const.TYPES_U64), + Parameter(["Val" if scalar_fields else "Unused_Val"], const.TYPES_S63), ], ) @@ -1516,7 +1516,7 @@ def create_field_first_function(message: Message, prefix: str) -> UnitPart: def first(link: Link, message: Message) -> tuple[Expr, Expr]: def substituted( - expression: expr.Expr, target_type: ty.Optional[ID] = const.TYPES_U64 + expression: expr.Expr, target_type: ty.Optional[ID] = const.TYPES_S63 ) -> Expr: return ( expression.substituted( @@ -1678,9 +1678,9 @@ def condition(field: Field, message: Message) -> Expr: c: expr.Expr = expr.Or(*[l.condition for l in message.outgoing(field)]) c = c.substituted( mapping={ - expr.Size(field.name): expr.Call(const.TYPES_U64, [expr.Variable("Size")]), + expr.Size(field.name): expr.Call(const.TYPES_S63, [expr.Variable("Size")]), expr.Last(field.name): expr.Call( - const.TYPES_U64, + const.TYPES_S63, [ expr.Call( "Field_Last", @@ -1711,7 +1711,7 @@ def condition(field: Field, message: Message) -> Expr: Parameter(["Ctx"], "Context"), Parameter(["Fld"], "Field"), *( - [Parameter(["Val"], const.TYPES_U64)] + [Parameter(["Val"], const.TYPES_S63)] if common.has_value_dependent_condition(message) else [] ), @@ -3043,7 +3043,7 @@ def _create_valid_structure_function(message: Message, prefix: str) -> UnitPart: ) .substituted( lambda x: expr.Call( - "To_U64", + "To_S63", [expr.Variable("Struct" * x.identifier)], ) if isinstance(x, expr.Variable) diff --git a/rflx/generator/parser.py b/rflx/generator/parser.py index 505b32a23..eca116378 100644 --- a/rflx/generator/parser.py +++ b/rflx/generator/parser.py @@ -96,7 +96,7 @@ def create_get_function( SubprogramBody( FunctionSpecification( "Get", - const.TYPES_U64, + const.TYPES_S63, [Parameter(["Ctx"], "Context"), Parameter(["Fld"], "Field")], ), [ @@ -371,7 +371,7 @@ def create_verify_procedure( [ SubprogramBody( specification, - [ObjectDeclaration(["Value"], const.TYPES_U64)], + [ObjectDeclaration(["Value"], const.TYPES_S63)], [ IfStatement( [ diff --git a/rflx/generator/serializer.py b/rflx/generator/serializer.py index 701bbde8a..4f3f486d5 100644 --- a/rflx/generator/serializer.py +++ b/rflx/generator/serializer.py @@ -234,7 +234,7 @@ def specification() -> ProcedureSpecification: [ InOutParameter(["Ctx"], "Context"), Parameter(["Fld"], "Field"), - Parameter(["Val"], const.TYPES_U64), + Parameter(["Val"], const.TYPES_S63), Parameter(["Size"], const.TYPES_BIT_LENGTH), Parameter(["State_Valid"], "Boolean"), OutParameter(["Buffer_First"], const.TYPES_INDEX), @@ -570,11 +570,11 @@ def precondition( [ Variable("Val") if use_enum_records_directly - else Call("To_U64", [Variable("Val")]) + else Call("To_S63", [Variable("Val")]) ], ), common.field_condition_call( - message, field, value=Call("To_U64", [Variable("Val")]) + message, field, value=Call("To_S63", [Variable("Val")]) ), common.sufficient_space_for_field_condition(Variable(field.affixed_name)), ) @@ -621,7 +621,7 @@ def body( [ Variable("Ctx"), Variable(field.affixed_name), - Call("To_U64", [Variable("Val")]), + Call("To_S63", [Variable("Val")]), ], ), ], @@ -665,7 +665,7 @@ def body( [ InOutParameter(["Ctx"], "Context"), Parameter(["Fld"], "Field"), - Parameter(["Val"], const.TYPES_U64), + Parameter(["Val"], const.TYPES_S63), ], ), [ @@ -692,6 +692,13 @@ def body( Variable("Offset"), ], ), + CallStatement( + const.TYPES * "Lemma_Size", + [ + Variable("Val"), + Call("Positive", [Variable("Size")]), + ] + ), CallStatement( const.TYPES * "Insert", [ @@ -744,7 +751,7 @@ def body( common.sufficient_space_for_field_condition(Variable("Fld")), In( Call("Field_Size", [Variable("Ctx"), Variable("Fld")]), - ValueRange(Number(1), Size(const.TYPES_U64)), + ValueRange(Number(1), Size(const.TYPES_S63)), ), If( [ @@ -753,7 +760,7 @@ def body( Call( "Field_Size", [Variable("Ctx"), Variable("Fld")] ), - Size(const.TYPES_U64), + Size(const.TYPES_S63), ), Less( Variable("Val"), diff --git a/rflx/templates/rflx_arithmetic.ads b/rflx/templates/rflx_arithmetic.ads index 79e62a8ca..70c69dca7 100644 --- a/rflx/templates/rflx_arithmetic.ads +++ b/rflx/templates/rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/rflx/templates/rflx_builtin_types-conversions.ads b/rflx/templates/rflx_builtin_types-conversions.ads index 0d91443bf..82a34b822 100644 --- a/rflx/templates/rflx_builtin_types-conversions.ads +++ b/rflx/templates/rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : {prefix}RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return {prefix}RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : {prefix}RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end {prefix}RFLX_Builtin_Types.Conversions; diff --git a/rflx/templates/rflx_generic_types.adb b/rflx/templates/rflx_generic_types.adb index 4ac41b574..1e723d006 100644 --- a/rflx/templates/rflx_generic_types.adb +++ b/rflx/templates/rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end {prefix}RFLX_Generic_Types; diff --git a/rflx/templates/rflx_generic_types.ads b/rflx/templates/rflx_generic_types.ads index 2c8055080..7064e18f3 100644 --- a/rflx/templates/rflx_generic_types.ads +++ b/rflx/templates/rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is {prefix}RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end {prefix}RFLX_Generic_Types; diff --git a/rflx/templates/rflx_scalar_sequence.adb b/rflx/templates/rflx_scalar_sequence.adb index 260137a05..f0382e6f9 100644 --- a/rflx/templates/rflx_scalar_sequence.adb +++ b/rflx/templates/rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => {prefix}RFLX_Types.U64'First, Next_Element => {prefix}RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => {prefix}RFLX_Types.S63'First, Next_Element => {prefix}RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + {prefix}RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/rflx/templates/rflx_scalar_sequence.ads b/rflx/templates/rflx_scalar_sequence.ads index f5fce4316..6e416dbb0 100644 --- a/rflx/templates/rflx_scalar_sequence.ads +++ b/rflx/templates/rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with {prefix}RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : {prefix}RFLX_Types.U64) return Boolean; - with function To_Actual (Element : {prefix}RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return {prefix}RFLX_Types.U64; + with function Valid (Element : {prefix}RFLX_Types.S63) return Boolean; + with function To_Actual (Element : {prefix}RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return {prefix}RFLX_Types.S63; package {prefix}RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= {prefix}RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -186,8 +186,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : {prefix}RFLX_Types.U64 := {prefix}RFLX_Types.U64'First; - Next_Element : {prefix}RFLX_Types.U64 := {prefix}RFLX_Types.U64'First; + First_Element : {prefix}RFLX_Types.S63 := {prefix}RFLX_Types.S63'First; + Next_Element : {prefix}RFLX_Types.S63 := {prefix}RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/messages/generated/rflx-rflx_arithmetic.ads b/tests/integration/messages/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/messages/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/messages/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/messages/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/messages/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/messages/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/messages/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/messages/generated/rflx-rflx_generic_types.adb b/tests/integration/messages/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/messages/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/messages/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/messages/generated/rflx-rflx_generic_types.ads b/tests/integration/messages/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/messages/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/messages/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/messages/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/messages/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/messages/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/messages/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/messages/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/messages/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/messages/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/messages/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/messages/generated/rflx-universal-message.adb b/tests/integration/messages/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/messages/generated/rflx-universal-message.adb +++ b/tests/integration/messages/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/messages/generated/rflx-universal-message.ads b/tests/integration/messages/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/messages/generated/rflx-universal-message.ads +++ b/tests/integration/messages/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/messages/generated/rflx-universal-option.adb b/tests/integration/messages/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/messages/generated/rflx-universal-option.adb +++ b/tests/integration/messages/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/messages/generated/rflx-universal-option.ads b/tests/integration/messages/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/messages/generated/rflx-universal-option.ads +++ b/tests/integration/messages/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/messages/generated/rflx-universal-option_types.ads b/tests/integration/messages/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/messages/generated/rflx-universal-option_types.ads +++ b/tests/integration/messages/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/messages/generated/rflx-universal-values.ads b/tests/integration/messages/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/messages/generated/rflx-universal-values.ads +++ b/tests/integration/messages/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/messages/generated/rflx-universal.ads b/tests/integration/messages/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/messages/generated/rflx-universal.ads +++ b/tests/integration/messages/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/messages_with_implict_size/generated/rflx-rflx_arithmetic.ads b/tests/integration/messages_with_implict_size/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/messages_with_implict_size/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/messages_with_implict_size/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.adb b/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.ads b/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/messages_with_implict_size/generated/rflx-universal-message.adb b/tests/integration/messages_with_implict_size/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-universal-message.adb +++ b/tests/integration/messages_with_implict_size/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/messages_with_implict_size/generated/rflx-universal-message.ads b/tests/integration/messages_with_implict_size/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-universal-message.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/messages_with_implict_size/generated/rflx-universal-option.adb b/tests/integration/messages_with_implict_size/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-universal-option.adb +++ b/tests/integration/messages_with_implict_size/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/messages_with_implict_size/generated/rflx-universal-option.ads b/tests/integration/messages_with_implict_size/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-universal-option.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/messages_with_implict_size/generated/rflx-universal-option_types.ads b/tests/integration/messages_with_implict_size/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-universal-option_types.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/messages_with_implict_size/generated/rflx-universal-values.ads b/tests/integration/messages_with_implict_size/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-universal-values.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/messages_with_implict_size/generated/rflx-universal.ads b/tests/integration/messages_with_implict_size/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/messages_with_implict_size/generated/rflx-universal.ads +++ b/tests/integration/messages_with_implict_size/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_arithmetic.ads b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.adb b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.ads b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.adb b/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.adb index 23138b451..254507f07 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.adb +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.adb @@ -142,7 +142,7 @@ is (True); procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -197,7 +197,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) diff --git a/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.ads b/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.ads index 627ab93ec..1ea4f4e19 100644 --- a/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.ads +++ b/tests/integration/messages_with_single_opaque_field/generated/rflx-test-message.ads @@ -8,9 +8,9 @@ package RFLX.Test.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.S63) return Boolean with Post => True; @@ -529,7 +529,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -620,7 +620,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.S63) return Boolean is (True); function Path_Condition (Ctx : Context; Fld : Field) return Boolean is diff --git a/tests/integration/parameterized_messages/generated/rflx-rflx_arithmetic.ads b/tests/integration/parameterized_messages/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/parameterized_messages/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/parameterized_messages/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/parameterized_messages/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/parameterized_messages/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/parameterized_messages/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/parameterized_messages/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.adb b/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.ads b/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/parameterized_messages/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/parameterized_messages/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/parameterized_messages/generated/rflx-test-message.adb b/tests/integration/parameterized_messages/generated/rflx-test-message.adb index f98e90eb1..06b46c931 100644 --- a/tests/integration/parameterized_messages/generated/rflx-test-message.adb +++ b/tests/integration/parameterized_messages/generated/rflx-test-message.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Data => (if - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (True)) + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (True)) then F_Extension elsif - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (False)) + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (False)) then F_Final else @@ -168,7 +168,7 @@ is end Reset_Dependent_Fields; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -262,7 +262,7 @@ is and Ctx.Verified_Last = Field_Last (Ctx, F_Data) and Invalid (Ctx, F_Extension) and (if - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (True)) + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (True)) then Predecessor (Ctx, F_Extension) = F_Data and Valid_Next (Ctx, F_Extension)) diff --git a/tests/integration/parameterized_messages/generated/rflx-test-message.ads b/tests/integration/parameterized_messages/generated/rflx-test-message.ads index 9de2bedf4..b1db541e9 100644 --- a/tests/integration/parameterized_messages/generated/rflx-test-message.ads +++ b/tests/integration/parameterized_messages/generated/rflx-test-message.ads @@ -11,9 +11,9 @@ package RFLX.Test.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,13 +27,13 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -252,7 +252,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.S63) return Boolean with Post => True; @@ -464,7 +464,7 @@ is and (if Structural_Valid_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) and Invalid (Ctx, F_Extension) and (if - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (True)) + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (True)) then Predecessor (Ctx, F_Extension) = F_Data and Valid_Next (Ctx, F_Extension)) @@ -517,7 +517,7 @@ is and (if Structural_Valid_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) and Invalid (Ctx, F_Extension) and (if - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (True)) + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (True)) then Predecessor (Ctx, F_Extension) = F_Data and Valid_Next (Ctx, F_Extension)) @@ -578,7 +578,7 @@ is and (if Structural_Valid_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) and Invalid (Ctx, F_Extension) and (if - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (True)) + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (True)) then Predecessor (Ctx, F_Extension) = F_Data and Valid_Next (Ctx, F_Extension)) @@ -645,7 +645,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -698,7 +698,7 @@ private then (Structural_Valid (Cursors (F_Data)) and then Cursors (F_Extension).Predecessor = F_Data - and then RFLX_Types.U64 (To_U64 (Extended)) = RFLX_Types.U64 (To_U64 (True))))) + and then RFLX_Types.S63 (To_S63 (Extended)) = RFLX_Types.S63 (To_S63 (True))))) and then ((if Invalid (Cursors (F_Data)) then Invalid (Cursors (F_Extension)))) and then (if Structural_Valid (Cursors (F_Data)) @@ -708,7 +708,7 @@ private and then Cursors (F_Data).First = First and then (if Structural_Valid (Cursors (F_Extension)) - and then RFLX_Types.U64 (To_U64 (Extended)) = RFLX_Types.U64 (To_U64 (True)) + and then RFLX_Types.S63 (To_S63 (Extended)) = RFLX_Types.S63 (To_S63 (True)) then Cursors (F_Extension).Last - Cursors (F_Extension).First + 1 = RFLX_Types.Bit_Length (Length) * 8 and then Cursors (F_Extension).Predecessor = F_Data @@ -748,7 +748,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.S63) return Boolean is (True); function Path_Condition (Ctx : Context; Fld : Field) return Boolean is @@ -756,13 +756,13 @@ private when F_Initial | F_Extension | F_Final => True, when F_Data => - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (True)))); + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (True)))); function Field_Condition (Ctx : Context; Fld : Field) return Boolean is ((case Fld is when F_Data => - RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (True)) - or RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (False)), + RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (True)) + or RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (False)), when F_Extension => True)); @@ -827,12 +827,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is ((Structural_Valid (Ctx, F_Data) - and then RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (False))) + and then RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (False))) or Structural_Valid (Ctx, F_Extension)); function Valid_Message (Ctx : Context) return Boolean is ((Valid (Ctx, F_Data) - and then RFLX_Types.U64 (To_U64 (Ctx.Extended)) = RFLX_Types.U64 (To_U64 (False))) + and then RFLX_Types.S63 (To_S63 (Ctx.Extended)) = RFLX_Types.S63 (To_S63 (False))) or Valid (Ctx, F_Extension)); function Incomplete_Message (Ctx : Context) return Boolean is diff --git a/tests/integration/parameterized_messages/generated/rflx-test.ads b/tests/integration/parameterized_messages/generated/rflx-test.ads index b686165af..2d937d5fa 100644 --- a/tests/integration/parameterized_messages/generated/rflx-test.ads +++ b/tests/integration/parameterized_messages/generated/rflx-test.ads @@ -10,16 +10,16 @@ is Size => 16; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val >= 1 and Val <= 16383); - function To_U64 (Val : RFLX.Test.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Test.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Test.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Test.Length is (RFLX.Test.Length (Val)) with Pre => diff --git a/tests/integration/session_append_unconstrained/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_append_unconstrained/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_append_unconstrained/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_append_unconstrained/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.adb b/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.ads b/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_append_unconstrained/generated/rflx-universal-message.adb b/tests/integration/session_append_unconstrained/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-universal-message.adb +++ b/tests/integration/session_append_unconstrained/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_append_unconstrained/generated/rflx-universal-message.ads b/tests/integration/session_append_unconstrained/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-universal-message.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_append_unconstrained/generated/rflx-universal-option.adb b/tests/integration/session_append_unconstrained/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-universal-option.adb +++ b/tests/integration/session_append_unconstrained/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_append_unconstrained/generated/rflx-universal-option.ads b/tests/integration/session_append_unconstrained/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-universal-option.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_append_unconstrained/generated/rflx-universal-option_types.ads b/tests/integration/session_append_unconstrained/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_append_unconstrained/generated/rflx-universal-values.ads b/tests/integration/session_append_unconstrained/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-universal-values.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_append_unconstrained/generated/rflx-universal.ads b/tests/integration/session_append_unconstrained/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_append_unconstrained/generated/rflx-universal.ads +++ b/tests/integration/session_append_unconstrained/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_binding/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_binding/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_binding/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_binding/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_binding/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_binding/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_binding/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_binding/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_binding/generated/rflx-rflx_generic_types.adb b/tests/integration/session_binding/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_binding/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_binding/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_binding/generated/rflx-rflx_generic_types.ads b/tests/integration/session_binding/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_binding/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_binding/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_binding/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_binding/generated/rflx-universal-message.adb b/tests/integration/session_binding/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_binding/generated/rflx-universal-message.adb +++ b/tests/integration/session_binding/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_binding/generated/rflx-universal-message.ads b/tests/integration/session_binding/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_binding/generated/rflx-universal-message.ads +++ b/tests/integration/session_binding/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_binding/generated/rflx-universal-option.adb b/tests/integration/session_binding/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_binding/generated/rflx-universal-option.adb +++ b/tests/integration/session_binding/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_binding/generated/rflx-universal-option.ads b/tests/integration/session_binding/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_binding/generated/rflx-universal-option.ads +++ b/tests/integration/session_binding/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_binding/generated/rflx-universal-option_types.ads b/tests/integration/session_binding/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_binding/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_binding/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_binding/generated/rflx-universal-values.ads b/tests/integration/session_binding/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_binding/generated/rflx-universal-values.ads +++ b/tests/integration/session_binding/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_binding/generated/rflx-universal.ads b/tests/integration/session_binding/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_binding/generated/rflx-universal.ads +++ b/tests/integration/session_binding/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.adb b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.ads b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.adb b/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.adb +++ b/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.ads b/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.adb b/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.adb +++ b/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.ads b/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-universal-option_types.ads b/tests/integration/session_channel_multiplexing/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-universal-values.ads b/tests/integration/session_channel_multiplexing/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-universal-values.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_channel_multiplexing/generated/rflx-universal.ads b/tests/integration/session_channel_multiplexing/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_channel_multiplexing/generated/rflx-universal.ads +++ b/tests/integration/session_channel_multiplexing/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_channels/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_channels/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_channels/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_channels/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_channels/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_channels/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_channels/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_channels/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_channels/generated/rflx-rflx_generic_types.adb b/tests/integration/session_channels/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_channels/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_channels/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_channels/generated/rflx-rflx_generic_types.ads b/tests/integration/session_channels/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_channels/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_channels/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_channels/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_channels/generated/rflx-universal-message.adb b/tests/integration/session_channels/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_channels/generated/rflx-universal-message.adb +++ b/tests/integration/session_channels/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_channels/generated/rflx-universal-message.ads b/tests/integration/session_channels/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_channels/generated/rflx-universal-message.ads +++ b/tests/integration/session_channels/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_channels/generated/rflx-universal-option.adb b/tests/integration/session_channels/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_channels/generated/rflx-universal-option.adb +++ b/tests/integration/session_channels/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_channels/generated/rflx-universal-option.ads b/tests/integration/session_channels/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_channels/generated/rflx-universal-option.ads +++ b/tests/integration/session_channels/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_channels/generated/rflx-universal-option_types.ads b/tests/integration/session_channels/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_channels/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_channels/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_channels/generated/rflx-universal-values.ads b/tests/integration/session_channels/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_channels/generated/rflx-universal-values.ads +++ b/tests/integration/session_channels/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_channels/generated/rflx-universal.ads b/tests/integration/session_channels/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_channels/generated/rflx-universal.ads +++ b/tests/integration/session_channels/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.adb b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.adb b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.adb +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.adb b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.adb +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option_types.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-values.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-values.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal.ads b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_comprehension_on_message_field/generated/rflx-universal.ads +++ b/tests/integration/session_comprehension_on_message_field/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.adb b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.adb b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.adb +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.adb b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.adb +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option_types.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-values.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-values.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal.ads b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_comprehension_on_sequence/generated/rflx-universal.ads +++ b/tests/integration/session_comprehension_on_sequence/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_conversion/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_conversion/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_conversion/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_conversion/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_conversion/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_conversion/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_conversion/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_conversion/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_conversion/generated/rflx-rflx_generic_types.adb b/tests/integration/session_conversion/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_conversion/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_conversion/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_conversion/generated/rflx-rflx_generic_types.ads b/tests/integration/session_conversion/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_conversion/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_conversion/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_conversion/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_conversion/generated/rflx-universal-message.adb b/tests/integration/session_conversion/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_conversion/generated/rflx-universal-message.adb +++ b/tests/integration/session_conversion/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_conversion/generated/rflx-universal-message.ads b/tests/integration/session_conversion/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_conversion/generated/rflx-universal-message.ads +++ b/tests/integration/session_conversion/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_conversion/generated/rflx-universal-option.adb b/tests/integration/session_conversion/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_conversion/generated/rflx-universal-option.adb +++ b/tests/integration/session_conversion/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_conversion/generated/rflx-universal-option.ads b/tests/integration/session_conversion/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_conversion/generated/rflx-universal-option.ads +++ b/tests/integration/session_conversion/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_conversion/generated/rflx-universal-option_types.ads b/tests/integration/session_conversion/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_conversion/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_conversion/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_conversion/generated/rflx-universal-values.ads b/tests/integration/session_conversion/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_conversion/generated/rflx-universal-values.ads +++ b/tests/integration/session_conversion/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_conversion/generated/rflx-universal.ads b/tests/integration/session_conversion/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_conversion/generated/rflx-universal.ads +++ b/tests/integration/session_conversion/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_endianness/generated/rflx-messages-msg.adb b/tests/integration/session_endianness/generated/rflx-messages-msg.adb index fd706b5e4..e6bab181e 100644 --- a/tests/integration/session_endianness/generated/rflx-messages-msg.adb +++ b/tests/integration/session_endianness/generated/rflx-messages-msg.adb @@ -150,7 +150,7 @@ is and Field_Size (Ctx, Fld) = Size); end Reset_Dependent_Fields; - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -170,7 +170,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -205,7 +205,7 @@ is end loop; end Verify_Message; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -267,7 +267,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -275,8 +275,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -304,17 +304,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_A (Ctx : in out Context; Val : RFLX.Messages.Integer) is begin - Set_Scalar (Ctx, F_A, To_U64 (Val)); + Set_Scalar (Ctx, F_A, To_S63 (Val)); end Set_A; procedure Set_B (Ctx : in out Context; Val : RFLX.Messages.Enum_T) is begin - Set_Scalar (Ctx, F_B, To_U64 (Val)); + Set_Scalar (Ctx, F_B, To_S63 (Val)); end Set_B; procedure To_Structure (Ctx : Context; Struct : out Structure) is diff --git a/tests/integration/session_endianness/generated/rflx-messages-msg.ads b/tests/integration/session_endianness/generated/rflx-messages-msg.ads index f10b8b8bf..2157d654f 100644 --- a/tests/integration/session_endianness/generated/rflx-messages-msg.ads +++ b/tests/integration/session_endianness/generated/rflx-messages-msg.ads @@ -8,9 +8,9 @@ package RFLX.Messages.Msg with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -22,15 +22,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -239,7 +239,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -385,7 +385,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_A) - and then RFLX.Messages.Valid_Integer (To_U64 (Val)) + and then RFLX.Messages.Valid_Integer (To_S63 (Val)) and then Field_Condition (Ctx, F_A) and then Available_Space (Ctx, F_A) >= Field_Size (Ctx, F_A), Post => @@ -408,7 +408,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_B) - and then RFLX.Messages.Valid_Enum_T (To_U64 (Val)) + and then RFLX.Messages.Valid_Enum_T (To_S63 (Val)) and then Field_Condition (Ctx, F_B) and then Available_Space (Ctx, F_B) >= Field_Size (Ctx, F_B), Post => @@ -481,7 +481,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -582,7 +582,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_A => RFLX.Messages.Valid_Integer (Val), diff --git a/tests/integration/session_endianness/generated/rflx-messages-msg_le.adb b/tests/integration/session_endianness/generated/rflx-messages-msg_le.adb index fd52edc08..bd6466d4f 100644 --- a/tests/integration/session_endianness/generated/rflx-messages-msg_le.adb +++ b/tests/integration/session_endianness/generated/rflx-messages-msg_le.adb @@ -150,7 +150,7 @@ is and Field_Size (Ctx, Fld) = Size); end Reset_Dependent_Fields; - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -170,7 +170,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -205,7 +205,7 @@ is end loop; end Verify_Message; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -267,7 +267,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -275,8 +275,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -304,17 +304,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.Low_Order_First); end Set_Scalar; procedure Set_C (Ctx : in out Context; Val : RFLX.Messages.Integer) is begin - Set_Scalar (Ctx, F_C, To_U64 (Val)); + Set_Scalar (Ctx, F_C, To_S63 (Val)); end Set_C; procedure Set_D (Ctx : in out Context; Val : RFLX.Messages.Enum_T) is begin - Set_Scalar (Ctx, F_D, To_U64 (Val)); + Set_Scalar (Ctx, F_D, To_S63 (Val)); end Set_D; procedure To_Structure (Ctx : Context; Struct : out Structure) is diff --git a/tests/integration/session_endianness/generated/rflx-messages-msg_le.ads b/tests/integration/session_endianness/generated/rflx-messages-msg_le.ads index 764574fc9..44dca6df4 100644 --- a/tests/integration/session_endianness/generated/rflx-messages-msg_le.ads +++ b/tests/integration/session_endianness/generated/rflx-messages-msg_le.ads @@ -8,9 +8,9 @@ package RFLX.Messages.Msg_LE with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -22,15 +22,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -239,7 +239,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -385,7 +385,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_C) - and then RFLX.Messages.Valid_Integer (To_U64 (Val)) + and then RFLX.Messages.Valid_Integer (To_S63 (Val)) and then Field_Condition (Ctx, F_C) and then Available_Space (Ctx, F_C) >= Field_Size (Ctx, F_C), Post => @@ -408,7 +408,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_D) - and then RFLX.Messages.Valid_Enum_T (To_U64 (Val)) + and then RFLX.Messages.Valid_Enum_T (To_S63 (Val)) and then Field_Condition (Ctx, F_D) and then Available_Space (Ctx, F_D) >= Field_Size (Ctx, F_D), Post => @@ -481,7 +481,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -582,7 +582,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_C => RFLX.Messages.Valid_Integer (Val), diff --git a/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.adb b/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.adb index 4fea76d1a..3ebbcc03e 100644 --- a/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.adb +++ b/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.adb @@ -154,7 +154,7 @@ is and Field_Size (Ctx, Fld) = Size); end Reset_Dependent_Fields; - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -174,7 +174,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -209,7 +209,7 @@ is end loop; end Verify_Message; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -275,7 +275,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -283,8 +283,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -316,22 +316,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), (if Fld in F_Y then RFLX_Types.Low_Order_First else RFLX_Types.High_Order_First)); end Set_Scalar; procedure Set_X_A (Ctx : in out Context; Val : RFLX.Messages.Integer) is begin - Set_Scalar (Ctx, F_X_A, To_U64 (Val)); + Set_Scalar (Ctx, F_X_A, To_S63 (Val)); end Set_X_A; procedure Set_X_B (Ctx : in out Context; Val : RFLX.Messages.Enum_T) is begin - Set_Scalar (Ctx, F_X_B, To_U64 (Val)); + Set_Scalar (Ctx, F_X_B, To_S63 (Val)); end Set_X_B; procedure Set_Y (Ctx : in out Context; Val : RFLX.Messages.Enum_T) is begin - Set_Scalar (Ctx, F_Y, To_U64 (Val)); + Set_Scalar (Ctx, F_Y, To_S63 (Val)); end Set_Y; procedure To_Structure (Ctx : Context; Struct : out Structure) is diff --git a/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.ads b/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.ads index 8aa9e05f6..915253379 100644 --- a/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.ads +++ b/tests/integration/session_endianness/generated/rflx-messages-msg_le_nested.ads @@ -8,9 +8,9 @@ package RFLX.Messages.Msg_LE_Nested with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -22,15 +22,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -239,7 +239,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -389,7 +389,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_X_A) - and then RFLX.Messages.Valid_Integer (To_U64 (Val)) + and then RFLX.Messages.Valid_Integer (To_S63 (Val)) and then Field_Condition (Ctx, F_X_A) and then Available_Space (Ctx, F_X_A) >= Field_Size (Ctx, F_X_A), Post => @@ -413,7 +413,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_X_B) - and then RFLX.Messages.Valid_Enum_T (To_U64 (Val)) + and then RFLX.Messages.Valid_Enum_T (To_S63 (Val)) and then Field_Condition (Ctx, F_X_B) and then Available_Space (Ctx, F_X_B) >= Field_Size (Ctx, F_X_B), Post => @@ -439,7 +439,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Y) - and then RFLX.Messages.Valid_Enum_T (To_U64 (Val)) + and then RFLX.Messages.Valid_Enum_T (To_S63 (Val)) and then Field_Condition (Ctx, F_Y) and then Available_Space (Ctx, F_Y) >= Field_Size (Ctx, F_Y), Post => @@ -514,7 +514,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -627,7 +627,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_X_A => RFLX.Messages.Valid_Integer (Val), diff --git a/tests/integration/session_endianness/generated/rflx-messages.ads b/tests/integration/session_endianness/generated/rflx-messages.ads index ee1ed9c11..9681da2e8 100644 --- a/tests/integration/session_endianness/generated/rflx-messages.ads +++ b/tests/integration/session_endianness/generated/rflx-messages.ads @@ -10,15 +10,15 @@ is Size => 32; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Integer (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Integer (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 4294967295); - function To_U64 (Val : RFLX.Messages.Integer) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Messages.Integer) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Messages.Integer is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Messages.Integer is (RFLX.Messages.Integer (Val)) with Pre => @@ -29,10 +29,10 @@ is 32; for Enum_T use (Enum_A => 0, Enum_B => 1, Enum_C => 2, Enum_D => 4, Enum_E => 8, Enum_F => 16, Enum_G => 32); - function Valid_Enum_T (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Enum_T (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 4 | 8 | 16 | 32); - function To_U64 (Enum : RFLX.Messages.Enum_T) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Messages.Enum_T) return RFLX.RFLX_Types.S63 is ((case Enum is when Enum_A => 0, @@ -51,7 +51,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Messages.Enum_T is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Messages.Enum_T is ((case Val is when 0 => Enum_A, diff --git a/tests/integration/session_endianness/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_endianness/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_endianness/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_endianness/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_endianness/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_endianness/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_endianness/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_endianness/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_endianness/generated/rflx-rflx_generic_types.adb b/tests/integration/session_endianness/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_endianness/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_endianness/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_endianness/generated/rflx-rflx_generic_types.ads b/tests/integration/session_endianness/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_endianness/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_endianness/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_endianness/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_functions/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_functions/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_functions/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_functions/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_functions/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_functions/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_functions/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_functions/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_functions/generated/rflx-rflx_generic_types.adb b/tests/integration/session_functions/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_functions/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_functions/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_functions/generated/rflx-rflx_generic_types.ads b/tests/integration/session_functions/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_functions/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_functions/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_functions/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_functions/generated/rflx-test-definite_message.adb b/tests/integration/session_functions/generated/rflx-test-definite_message.adb index 6fb4f78fc..44b813f38 100644 --- a/tests/integration/session_functions/generated/rflx-test-definite_message.adb +++ b/tests/integration/session_functions/generated/rflx-test-definite_message.adb @@ -165,7 +165,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -188,7 +188,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -249,7 +249,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -316,7 +316,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -324,8 +324,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -356,17 +356,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Test.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type) with @@ -393,7 +394,7 @@ is and Valid_Next (Ctx, F_Message_Type) = Valid_Next (Ctx, F_Message_Type)'Old is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_functions/generated/rflx-test-definite_message.ads b/tests/integration/session_functions/generated/rflx-test-definite_message.ads index 94bb49e07..e079b1d49 100644 --- a/tests/integration/session_functions/generated/rflx-test-definite_message.ads +++ b/tests/integration/session_functions/generated/rflx-test-definite_message.ads @@ -10,9 +10,9 @@ package RFLX.Test.Definite_Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -26,15 +26,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -243,7 +243,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -431,7 +431,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) and then Field_Condition (Ctx, F_Message_Type) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => @@ -455,7 +455,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Test.Valid_Length (To_U64 (Val)) + and then RFLX.Test.Valid_Length (To_S63 (Val)) and then Field_Condition (Ctx, F_Length) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => @@ -631,7 +631,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -744,7 +744,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Option_Type (Val), diff --git a/tests/integration/session_functions/generated/rflx-test.ads b/tests/integration/session_functions/generated/rflx-test.ads index e768bbfe6..7ed771227 100644 --- a/tests/integration/session_functions/generated/rflx-test.ads +++ b/tests/integration/session_functions/generated/rflx-test.ads @@ -11,12 +11,12 @@ is 2; for Result use (M_Valid => 0, M_Invalid => 1); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Result (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Result (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1); - function To_U64 (Enum : RFLX.Test.Result) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Test.Result) return RFLX.RFLX_Types.S63 is ((case Enum is when M_Valid => 0, @@ -25,7 +25,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Test.Result is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Test.Result is ((case Val is when 0 => M_Valid, @@ -43,13 +43,13 @@ is Size => 8; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Test.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Test.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Test.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Test.Length is (RFLX.Test.Length (Val)) with Pre => diff --git a/tests/integration/session_functions/generated/rflx-universal-message.adb b/tests/integration/session_functions/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_functions/generated/rflx-universal-message.adb +++ b/tests/integration/session_functions/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_functions/generated/rflx-universal-message.ads b/tests/integration/session_functions/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_functions/generated/rflx-universal-message.ads +++ b/tests/integration/session_functions/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_functions/generated/rflx-universal-option.adb b/tests/integration/session_functions/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_functions/generated/rflx-universal-option.adb +++ b/tests/integration/session_functions/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_functions/generated/rflx-universal-option.ads b/tests/integration/session_functions/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_functions/generated/rflx-universal-option.ads +++ b/tests/integration/session_functions/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_functions/generated/rflx-universal-option_types.ads b/tests/integration/session_functions/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_functions/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_functions/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_functions/generated/rflx-universal-values.ads b/tests/integration/session_functions/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_functions/generated/rflx-universal-values.ads +++ b/tests/integration/session_functions/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_functions/generated/rflx-universal.ads b/tests/integration/session_functions/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_functions/generated/rflx-universal.ads +++ b/tests/integration/session_functions/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_integration/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_integration/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_integration/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_integration/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_integration/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_integration/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_integration/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_integration/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_integration/generated/rflx-rflx_generic_types.adb b/tests/integration/session_integration/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_integration/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_integration/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_integration/generated/rflx-rflx_generic_types.ads b/tests/integration/session_integration/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_integration/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_integration/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_integration/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_integration/generated/rflx-universal-message.adb b/tests/integration/session_integration/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_integration/generated/rflx-universal-message.adb +++ b/tests/integration/session_integration/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_integration/generated/rflx-universal-message.ads b/tests/integration/session_integration/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_integration/generated/rflx-universal-message.ads +++ b/tests/integration/session_integration/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_integration/generated/rflx-universal-option.adb b/tests/integration/session_integration/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_integration/generated/rflx-universal-option.adb +++ b/tests/integration/session_integration/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_integration/generated/rflx-universal-option.ads b/tests/integration/session_integration/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_integration/generated/rflx-universal-option.ads +++ b/tests/integration/session_integration/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_integration/generated/rflx-universal-option_types.ads b/tests/integration/session_integration/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_integration/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_integration/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_integration/generated/rflx-universal-values.ads b/tests/integration/session_integration/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_integration/generated/rflx-universal-values.ads +++ b/tests/integration/session_integration/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_integration/generated/rflx-universal.ads b/tests/integration/session_integration/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_integration/generated/rflx-universal.ads +++ b/tests/integration/session_integration/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_integration_multiple/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_integration_multiple/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_integration_multiple/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_integration_multiple/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.adb b/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.ads b/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_integration_multiple/generated/rflx-universal-message.adb b/tests/integration/session_integration_multiple/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-universal-message.adb +++ b/tests/integration/session_integration_multiple/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_integration_multiple/generated/rflx-universal-message.ads b/tests/integration/session_integration_multiple/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-universal-message.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_integration_multiple/generated/rflx-universal-option.adb b/tests/integration/session_integration_multiple/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-universal-option.adb +++ b/tests/integration/session_integration_multiple/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_integration_multiple/generated/rflx-universal-option.ads b/tests/integration/session_integration_multiple/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-universal-option.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_integration_multiple/generated/rflx-universal-option_types.ads b/tests/integration/session_integration_multiple/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_integration_multiple/generated/rflx-universal-values.ads b/tests/integration/session_integration_multiple/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-universal-values.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_integration_multiple/generated/rflx-universal.ads b/tests/integration/session_integration_multiple/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_integration_multiple/generated/rflx-universal.ads +++ b/tests/integration/session_integration_multiple/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_minimal/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_minimal/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_minimal/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_minimal/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_minimal/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_minimal/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_minimal/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_minimal/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_minimal/generated/rflx-rflx_generic_types.adb b/tests/integration/session_minimal/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_minimal/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_minimal/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_minimal/generated/rflx-rflx_generic_types.ads b/tests/integration/session_minimal/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_minimal/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_minimal/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_minimal/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_minimal/generated/rflx-universal-message.adb b/tests/integration/session_minimal/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_minimal/generated/rflx-universal-message.adb +++ b/tests/integration/session_minimal/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_minimal/generated/rflx-universal-message.ads b/tests/integration/session_minimal/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_minimal/generated/rflx-universal-message.ads +++ b/tests/integration/session_minimal/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_minimal/generated/rflx-universal-option.adb b/tests/integration/session_minimal/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_minimal/generated/rflx-universal-option.adb +++ b/tests/integration/session_minimal/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_minimal/generated/rflx-universal-option.ads b/tests/integration/session_minimal/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_minimal/generated/rflx-universal-option.ads +++ b/tests/integration/session_minimal/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_minimal/generated/rflx-universal-option_types.ads b/tests/integration/session_minimal/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_minimal/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_minimal/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_minimal/generated/rflx-universal-values.ads b/tests/integration/session_minimal/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_minimal/generated/rflx-universal-values.ads +++ b/tests/integration/session_minimal/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_minimal/generated/rflx-universal.ads b/tests/integration/session_minimal/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_minimal/generated/rflx-universal.ads +++ b/tests/integration/session_minimal/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_reuse_of_message/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_reuse_of_message/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_reuse_of_message/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_reuse_of_message/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.adb b/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.ads b/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_reuse_of_message/generated/rflx-universal-message.adb b/tests/integration/session_reuse_of_message/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-universal-message.adb +++ b/tests/integration/session_reuse_of_message/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_reuse_of_message/generated/rflx-universal-message.ads b/tests/integration/session_reuse_of_message/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-universal-message.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_reuse_of_message/generated/rflx-universal-option.adb b/tests/integration/session_reuse_of_message/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-universal-option.adb +++ b/tests/integration/session_reuse_of_message/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_reuse_of_message/generated/rflx-universal-option.ads b/tests/integration/session_reuse_of_message/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-universal-option.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_reuse_of_message/generated/rflx-universal-option_types.ads b/tests/integration/session_reuse_of_message/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_reuse_of_message/generated/rflx-universal-values.ads b/tests/integration/session_reuse_of_message/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-universal-values.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_reuse_of_message/generated/rflx-universal.ads b/tests/integration/session_reuse_of_message/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_reuse_of_message/generated/rflx-universal.ads +++ b/tests/integration/session_reuse_of_message/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_sequence_append/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_sequence_append/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_sequence_append/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_sequence_append/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_sequence_append/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_sequence_append/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_sequence_append/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_sequence_append/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.adb b/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.ads b/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_sequence_append/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_sequence_append/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_sequence_append/generated/rflx-universal-message.adb b/tests/integration/session_sequence_append/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_sequence_append/generated/rflx-universal-message.adb +++ b/tests/integration/session_sequence_append/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_sequence_append/generated/rflx-universal-message.ads b/tests/integration/session_sequence_append/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_sequence_append/generated/rflx-universal-message.ads +++ b/tests/integration/session_sequence_append/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_sequence_append/generated/rflx-universal-option.adb b/tests/integration/session_sequence_append/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_sequence_append/generated/rflx-universal-option.adb +++ b/tests/integration/session_sequence_append/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_sequence_append/generated/rflx-universal-option.ads b/tests/integration/session_sequence_append/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_sequence_append/generated/rflx-universal-option.ads +++ b/tests/integration/session_sequence_append/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_sequence_append/generated/rflx-universal-option_types.ads b/tests/integration/session_sequence_append/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_sequence_append/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_sequence_append/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_sequence_append/generated/rflx-universal-values.ads b/tests/integration/session_sequence_append/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_sequence_append/generated/rflx-universal-values.ads +++ b/tests/integration/session_sequence_append/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_sequence_append/generated/rflx-universal.ads b/tests/integration/session_sequence_append/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_sequence_append/generated/rflx-universal.ads +++ b/tests/integration/session_sequence_append/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_sequence_append_head/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_sequence_append_head/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_sequence_append_head/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_sequence_append_head/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_sequence_append_head/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_sequence_append_head/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.adb b/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.ads b/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_sequence_append_head/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_sequence_append_head/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.adb b/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.adb index a0ff99b70..e90d243d6 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.adb +++ b/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Tag => (if - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Value); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Value (Ctx.Buffer.all (First .. Last)); end Generic_Get_Value; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Tag (Ctx : in out Context; Val : RFLX.TLV.Tag) is begin - Set_Scalar (Ctx, F_Tag, To_U64 (Val)); + Set_Scalar (Ctx, F_Tag, To_S63 (Val)); end Set_Tag; procedure Set_Length (Ctx : in out Context; Val : RFLX.TLV.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.ads b/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.ads index 816f7eb70..639e11740 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.ads +++ b/tests/integration/session_sequence_append_head/generated/rflx-tlv-message.ads @@ -8,9 +8,9 @@ package RFLX.TLV.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Tag) - and then RFLX.TLV.Valid_Tag (To_U64 (Val)) - and then Field_Condition (Ctx, F_Tag, To_U64 (Val)) + and then RFLX.TLV.Valid_Tag (To_S63 (Val)) + and then Field_Condition (Ctx, F_Tag, To_S63 (Val)) and then Available_Space (Ctx, F_Tag) >= Field_Size (Ctx, F_Tag), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Value) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.TLV.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.TLV.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Tag)) and then Cursors (F_Length).Predecessor = F_Tag - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)))) and then (if Structural_Valid (Cursors (F_Value)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Tag).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Tag @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => RFLX.TLV.Valid_Tag (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Value | F_Final => True, when F_Tag => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => - Val = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)), when F_Length | F_Value => True)); @@ -813,12 +813,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is ((Valid (Ctx, F_Tag) - and then RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error))) or Structural_Valid (Ctx, F_Value)); function Valid_Message (Ctx : Context) return Boolean is ((Valid (Ctx, F_Tag) - and then RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error))) or Valid (Ctx, F_Value)); function Incomplete_Message (Ctx : Context) return Boolean is diff --git a/tests/integration/session_sequence_append_head/generated/rflx-tlv-tags.ads b/tests/integration/session_sequence_append_head/generated/rflx-tlv-tags.ads index c46e5f230..860b0840c 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-tlv-tags.ads +++ b/tests/integration/session_sequence_append_head/generated/rflx-tlv-tags.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.TLV.Tags is new RFLX.RFLX_Scalar_Sequence (RFLX.TLV.Tag, 8, RFLX.TLV.Valid_Tag, RFLX.TLV.To_Actual, RFLX.TLV.To_U64); +package RFLX.TLV.Tags is new RFLX.RFLX_Scalar_Sequence (RFLX.TLV.Tag, 8, RFLX.TLV.Valid_Tag, RFLX.TLV.To_Actual, RFLX.TLV.To_S63); diff --git a/tests/integration/session_sequence_append_head/generated/rflx-tlv.ads b/tests/integration/session_sequence_append_head/generated/rflx-tlv.ads index 305c66e46..32e16d8a4 100644 --- a/tests/integration/session_sequence_append_head/generated/rflx-tlv.ads +++ b/tests/integration/session_sequence_append_head/generated/rflx-tlv.ads @@ -11,12 +11,12 @@ is 8; for Tag use (Msg_Data => 1, Msg_Error => 3); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Tag (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Tag (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 1 | 3); - function To_U64 (Enum : RFLX.TLV.Tag) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.TLV.Tag) return RFLX.RFLX_Types.S63 is ((case Enum is when Msg_Data => 1, @@ -25,7 +25,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.TLV.Tag is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.TLV.Tag is ((case Val is when 1 => Msg_Data, @@ -43,13 +43,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.TLV.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.TLV.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.TLV.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.TLV.Length is (RFLX.TLV.Length (Val)) with Pre => diff --git a/tests/integration/session_simple/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_simple/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_simple/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_simple/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_simple/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_simple/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_simple/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_simple/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_simple/generated/rflx-rflx_generic_types.adb b/tests/integration/session_simple/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_simple/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_simple/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_simple/generated/rflx-rflx_generic_types.ads b/tests/integration/session_simple/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_simple/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_simple/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_simple/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_simple/generated/rflx-universal-message.adb b/tests/integration/session_simple/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_simple/generated/rflx-universal-message.adb +++ b/tests/integration/session_simple/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_simple/generated/rflx-universal-message.ads b/tests/integration/session_simple/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_simple/generated/rflx-universal-message.ads +++ b/tests/integration/session_simple/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_simple/generated/rflx-universal-option.adb b/tests/integration/session_simple/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_simple/generated/rflx-universal-option.adb +++ b/tests/integration/session_simple/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_simple/generated/rflx-universal-option.ads b/tests/integration/session_simple/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_simple/generated/rflx-universal-option.ads +++ b/tests/integration/session_simple/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_simple/generated/rflx-universal-option_types.ads b/tests/integration/session_simple/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_simple/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_simple/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_simple/generated/rflx-universal-values.ads b/tests/integration/session_simple/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_simple/generated/rflx-universal-values.ads +++ b/tests/integration/session_simple/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_simple/generated/rflx-universal.ads b/tests/integration/session_simple/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_simple/generated/rflx-universal.ads +++ b/tests/integration/session_simple/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/integration/session_variable_initialization/generated/rflx-rflx_arithmetic.ads b/tests/integration/session_variable_initialization/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-rflx_arithmetic.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/integration/session_variable_initialization/generated/rflx-rflx_builtin_types-conversions.ads b/tests/integration/session_variable_initialization/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.adb b/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.adb +++ b/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.ads b/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.adb b/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.ads b/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/integration/session_variable_initialization/generated/rflx-universal-message.adb b/tests/integration/session_variable_initialization/generated/rflx-universal-message.adb index c80524dbf..5fcb5bba2 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-universal-message.adb +++ b/tests/integration/session_variable_initialization/generated/rflx-universal-message.adb @@ -84,45 +84,45 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then F_Length elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then F_Options else F_Initial), when F_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then F_Option_Types elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then F_Options elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8 then F_Value elsif - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then F_Values else @@ -212,7 +212,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data | F_Option_Types | F_Options | F_Values); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -239,7 +239,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -308,7 +308,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -339,19 +339,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -359,28 +359,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -415,12 +415,12 @@ is when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -430,12 +430,12 @@ is when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -452,7 +452,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -460,8 +460,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -470,19 +470,19 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -490,28 +490,28 @@ is when F_Length => Get_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)), @@ -537,22 +537,23 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Message_Type) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value (Ctx : in out Context; Val : RFLX.Universal.Value) is begin - Set_Scalar (Ctx, F_Value, To_U64 (Val)); + Set_Scalar (Ctx, F_Value, To_S63 (Val)); end Set_Value; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_variable_initialization/generated/rflx-universal-message.ads b/tests/integration/session_variable_initialization/generated/rflx-universal-message.ads index 09d46b9f0..8d3c0345c 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-universal-message.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-universal-message.ads @@ -11,9 +11,9 @@ package RFLX.Universal.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -437,8 +437,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Message_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Message_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -452,19 +452,19 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Predecessor (Ctx, F_Length) = F_Message_Type and Valid_Next (Ctx, F_Length)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Predecessor (Ctx, F_Options) = F_Message_Type and Valid_Next (Ctx, F_Options)) @@ -481,8 +481,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -494,28 +494,28 @@ is and Invalid (Ctx, F_Value) and Invalid (Ctx, F_Values) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Predecessor (Ctx, F_Data) = F_Length and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Predecessor (Ctx, F_Option_Types) = F_Length and Valid_Next (Ctx, F_Option_Types)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Predecessor (Ctx, F_Options) = F_Length and Valid_Next (Ctx, F_Options)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Get_Length (Ctx)) = Universal.Value'Size / 8 + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Get_Length (Ctx)) = Universal.Value'Size / 8 then Predecessor (Ctx, F_Value) = F_Length and Valid_Next (Ctx, F_Value)) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Predecessor (Ctx, F_Values) = F_Length and Valid_Next (Ctx, F_Values)) @@ -535,8 +535,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Value) - and then RFLX.Universal.Valid_Value (To_U64 (Val)) - and then Field_Condition (Ctx, F_Value, To_U64 (Val)) + and then RFLX.Universal.Valid_Value (To_S63 (Val)) + and then Field_Condition (Ctx, F_Value, To_S63 (Val)) and then Available_Space (Ctx, F_Value) >= Field_Size (Ctx, F_Value), Post => Has_Buffer (Ctx) @@ -1145,7 +1145,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1198,46 +1198,46 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Length).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))))) and then (if Structural_Valid (Cursors (F_Data)) then (Valid (Cursors (F_Length)) and then Cursors (F_Data).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)))) and then (if Structural_Valid (Cursors (F_Option_Types)) then (Valid (Cursors (F_Length)) and then Cursors (F_Option_Types).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)))) and then (if Structural_Valid (Cursors (F_Options)) then (Valid (Cursors (F_Length)) and then Cursors (F_Options).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options))) or (Valid (Cursors (F_Message_Type)) and then Cursors (F_Options).Predecessor = F_Message_Type - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)))) and then (if Structural_Valid (Cursors (F_Value)) then (Valid (Cursors (F_Length)) and then Cursors (F_Value).Predecessor = F_Length - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8))) and then (if Structural_Valid (Cursors (F_Values)) then (Valid (Cursors (F_Length)) and then Cursors (F_Values).Predecessor = F_Length - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values))))) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Length))) and then (if Invalid (Cursors (F_Length)) @@ -1260,59 +1260,59 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Data).Predecessor = F_Message_Type and then Cursors (F_Data).First = Cursors (F_Message_Type).Last + 1) and then (if Structural_Valid (Cursors (F_Length)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Message_Type and then Cursors (F_Length).First = Cursors (F_Message_Type).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Data).Predecessor = F_Length and then Cursors (F_Data).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Option_Types)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) then Cursors (F_Option_Types).Last - Cursors (F_Option_Types).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Option_Types).Predecessor = F_Length and then Cursors (F_Option_Types).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Options).Predecessor = F_Length and then Cursors (F_Options).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Value)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Cursors (F_Length).Value) = Universal.Value'Size / 8) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Cursors (F_Length).Value) = Universal.Value'Size / 8) then Cursors (F_Value).Last - Cursors (F_Value).First + 1 = 8 and then Cursors (F_Value).Predecessor = F_Length and then Cursors (F_Value).First = Cursors (F_Length).Last + 1) and then (if Structural_Valid (Cursors (F_Values)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)) then Cursors (F_Values).Last - Cursors (F_Values).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Length).Value) * 8 and then Cursors (F_Values).Predecessor = F_Length and then Cursors (F_Values).First = Cursors (F_Length).Last + 1)) and then (if Structural_Valid (Cursors (F_Options)) - and then RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Message_Type).Last) and then Cursors (F_Options).Predecessor = F_Message_Type @@ -1352,7 +1352,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Message_Type (Val), @@ -1372,47 +1372,47 @@ private when F_Message_Type => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when others => False), when F_Length => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)), when F_Option_Types => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)), when F_Options => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)), when F_Value => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) - and RFLX_Types.U64 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) + and RFLX_Types.S63 (Ctx.Cursors (F_Length).Value) = Universal.Value'Size / 8, when F_Values => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - or (Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null)) - and Val /= RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Data))) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Unconstrained_Options)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + or (Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null)) + and Val /= RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Data))) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Unconstrained_Options)), when F_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Data)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Option_Types)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Options)) - or (RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Value)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Data)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Option_Types)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Options)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Value)) and Val = Universal.Value'Size / 8) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Values)), + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Values)), when F_Data | F_Option_Types | F_Options | F_Value | F_Values => True)); @@ -1425,12 +1425,12 @@ private when F_Data => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Data)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1440,12 +1440,12 @@ private when F_Options => (if Ctx.Cursors (Fld).Predecessor = F_Length - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Options)) then RFLX_Types.Bit_Length (Ctx.Cursors (F_Length).Value) * 8 elsif Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Last) else @@ -1536,7 +1536,7 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Structural_Valid (Ctx, F_Option_Types) or Structural_Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1545,7 +1545,7 @@ private function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Message_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.MT_Null))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.MT_Null))) or Valid (Ctx, F_Option_Types) or Valid (Ctx, F_Options) or Valid (Ctx, F_Value) @@ -1568,13 +1568,13 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Data)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Data)) then Size <= Available_Space (Ctx, Fld) elsif Fld = F_Options and then Ctx.Cursors (Fld).Predecessor = F_Message_Type - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.Universal.MT_Unconstrained_Options)) + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.Universal.MT_Unconstrained_Options)) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/integration/session_variable_initialization/generated/rflx-universal-option.adb b/tests/integration/session_variable_initialization/generated/rflx-universal-option.adb index d60c39ba5..7bb78d956 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-universal-option.adb +++ b/tests/integration/session_variable_initialization/generated/rflx-universal-option.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Option_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Option_Type => Get_Option_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Option_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Type, To_S63 (Val)); end Set_Option_Type; procedure Set_Length (Ctx : in out Context; Val : RFLX.Universal.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/integration/session_variable_initialization/generated/rflx-universal-option.ads b/tests/integration/session_variable_initialization/generated/rflx-universal-option.ads index 72423129c..aae2f16f0 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-universal-option.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-universal-option.ads @@ -8,9 +8,9 @@ package RFLX.Universal.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Type) >= Field_Size (Ctx, F_Option_Type), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Option_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Option_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Length) = F_Option_Type and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Universal.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.Universal.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Option_Type)) and then Cursors (F_Length).Predecessor = F_Option_Type - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Option_Type).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + and then RFLX_Types.S63 (Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Option_Type @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Data | F_Final => True, when F_Option_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Option_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Length | F_Data => True)); @@ -814,12 +814,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Option_Type) - and then RFLX_Types.U64 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)))); + and then RFLX_Types.S63 (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)))); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/integration/session_variable_initialization/generated/rflx-universal-option_types.ads b/tests/integration/session_variable_initialization/generated/rflx-universal-option_types.ads index 9abd0d617..8dddbde06 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-universal-option_types.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-universal-option_types.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Option_Types is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Option_Type, 8, RFLX.Universal.Valid_Option_Type, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_variable_initialization/generated/rflx-universal-values.ads b/tests/integration/session_variable_initialization/generated/rflx-universal-values.ads index 6ca12ccbc..ed4982e07 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-universal-values.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-universal-values.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_U64); +package RFLX.Universal.Values is new RFLX.RFLX_Scalar_Sequence (RFLX.Universal.Value, 8, RFLX.Universal.Valid_Value, RFLX.Universal.To_Actual, RFLX.Universal.To_S63); diff --git a/tests/integration/session_variable_initialization/generated/rflx-universal.ads b/tests/integration/session_variable_initialization/generated/rflx-universal.ads index be71d38c3..c80876d3d 100644 --- a/tests/integration/session_variable_initialization/generated/rflx-universal.ads +++ b/tests/integration/session_variable_initialization/generated/rflx-universal.ads @@ -11,12 +11,12 @@ is 8; for Message_Type use (MT_Null => 0, MT_Data => 1, MT_Value => 2, MT_Values => 3, MT_Option_Types => 4, MT_Options => 5, MT_Unconstrained_Data => 6, MT_Unconstrained_Options => 7); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Message_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Message_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7); - function To_U64 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Message_Type) return RFLX.RFLX_Types.S63 is ((case Enum is when MT_Null => 0, @@ -37,7 +37,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Message_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Message_Type is ((case Val is when 0 => MT_Null, @@ -67,13 +67,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Length is (RFLX.Universal.Length (Val)) with Pre => @@ -83,13 +83,13 @@ is Size => 8; - function Valid_Value (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Value (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Universal.Value) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Value is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Value is (RFLX.Universal.Value (Val)) with Pre => @@ -106,17 +106,17 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -126,7 +126,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -138,7 +138,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/spark/generated/rflx-derivation-message.adb b/tests/spark/generated/rflx-derivation-message.adb index ac8ab616f..98218c31f 100644 --- a/tests/spark/generated/rflx-derivation-message.adb +++ b/tests/spark/generated/rflx-derivation-message.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Tag => (if - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Value); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Value (Ctx.Buffer.all (First .. Last)); end Generic_Get_Value; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Tag (Ctx : in out Context; Val : RFLX.TLV.Tag) is begin - Set_Scalar (Ctx, F_Tag, To_U64 (Val)); + Set_Scalar (Ctx, F_Tag, To_S63 (Val)); end Set_Tag; procedure Set_Length (Ctx : in out Context; Val : RFLX.TLV.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-derivation-message.ads b/tests/spark/generated/rflx-derivation-message.ads index c1245f835..6b8087d63 100644 --- a/tests/spark/generated/rflx-derivation-message.ads +++ b/tests/spark/generated/rflx-derivation-message.ads @@ -10,9 +10,9 @@ package RFLX.Derivation.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -26,15 +26,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -243,7 +243,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -261,7 +261,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -432,8 +432,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Tag) - and then RFLX.TLV.Valid_Tag (To_U64 (Val)) - and then Field_Condition (Ctx, F_Tag, To_U64 (Val)) + and then RFLX.TLV.Valid_Tag (To_S63 (Val)) + and then Field_Condition (Ctx, F_Tag, To_S63 (Val)) and then Available_Space (Ctx, F_Tag) >= Field_Size (Ctx, F_Tag), Post => Has_Buffer (Ctx) @@ -443,7 +443,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Value) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -460,8 +460,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.TLV.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.TLV.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -608,7 +608,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -661,7 +661,7 @@ private then (Valid (Cursors (F_Tag)) and then Cursors (F_Length).Predecessor = F_Tag - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)))) and then (if Structural_Valid (Cursors (F_Value)) then @@ -677,7 +677,7 @@ private and then Cursors (F_Tag).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Tag @@ -723,7 +723,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => RFLX.TLV.Valid_Tag (Val), @@ -737,13 +737,13 @@ private when F_Initial | F_Length | F_Value | F_Final => True, when F_Tag => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => - Val = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)), when F_Length | F_Value => True)); @@ -815,12 +815,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is ((Valid (Ctx, F_Tag) - and then RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error))) or Structural_Valid (Ctx, F_Value)); function Valid_Message (Ctx : Context) return Boolean is ((Valid (Ctx, F_Tag) - and then RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error))) or Valid (Ctx, F_Value)); function Incomplete_Message (Ctx : Context) return Boolean is diff --git a/tests/spark/generated/rflx-enumeration-message.adb b/tests/spark/generated/rflx-enumeration-message.adb index 19c5730f5..1188a860f 100644 --- a/tests/spark/generated/rflx-enumeration-message.adb +++ b/tests/spark/generated/rflx-enumeration-message.adb @@ -132,7 +132,7 @@ is and Field_Size (Ctx, Fld) = Size); end Reset_Dependent_Fields; - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -152,7 +152,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -185,7 +185,7 @@ is end loop; end Verify_Message; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -240,7 +240,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -248,8 +248,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -270,12 +270,13 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Priority (Ctx : in out Context; Val : RFLX.Enumeration.Priority_Enum) is begin - Set_Scalar (Ctx, F_Priority, To_U64 (Val)); + Set_Scalar (Ctx, F_Priority, To_S63 (Val)); end Set_Priority; procedure Set_Priority (Ctx : in out Context; Val : RFLX.Enumeration.Priority) with @@ -299,7 +300,7 @@ is and Valid_Next (Ctx, F_Priority) = Valid_Next (Ctx, F_Priority)'Old is begin - Set_Scalar (Ctx, F_Priority, To_U64 (Val)); + Set_Scalar (Ctx, F_Priority, To_S63 (Val)); end Set_Priority; procedure To_Structure (Ctx : Context; Struct : out Structure) is diff --git a/tests/spark/generated/rflx-enumeration-message.ads b/tests/spark/generated/rflx-enumeration-message.ads index 79b77a9d1..7b1a5a260 100644 --- a/tests/spark/generated/rflx-enumeration-message.ads +++ b/tests/spark/generated/rflx-enumeration-message.ads @@ -8,9 +8,9 @@ package RFLX.Enumeration.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -22,15 +22,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -239,7 +239,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -381,7 +381,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Priority) - and then RFLX.Enumeration.Valid_Priority (To_U64 (Val)) + and then RFLX.Enumeration.Valid_Priority (To_S63 (Val)) and then Field_Condition (Ctx, F_Priority) and then Available_Space (Ctx, F_Priority) >= Field_Size (Ctx, F_Priority), Post => @@ -450,7 +450,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -541,7 +541,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Priority => RFLX.Enumeration.Valid_Priority (Val))); diff --git a/tests/spark/generated/rflx-enumeration.ads b/tests/spark/generated/rflx-enumeration.ads index eb00520b6..ee68732f7 100644 --- a/tests/spark/generated/rflx-enumeration.ads +++ b/tests/spark/generated/rflx-enumeration.ads @@ -17,19 +17,19 @@ is when True => Enum : Priority_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Priority (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Priority (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Priority (Val : Priority) return Boolean is ((if Val.Known then True else Valid_Priority (Val.Raw) and Val.Raw not in 1 | 4 | 7)); - function To_U64 (Enum : RFLX.Enumeration.Priority_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Enumeration.Priority_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when Low => 1, @@ -41,7 +41,7 @@ is function To_Actual (Enum : Priority_Enum) return RFLX.Enumeration.Priority is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Enumeration.Priority is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Enumeration.Priority is ((case Val is when 1 => (True, Low), @@ -55,7 +55,7 @@ is Pre => Valid_Priority (Val); - function To_U64 (Val : RFLX.Enumeration.Priority) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Enumeration.Priority) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Enumeration; diff --git a/tests/spark/generated/rflx-ethernet-frame.adb b/tests/spark/generated/rflx-ethernet-frame.adb index 5b090e319..1d8f70519 100644 --- a/tests/spark/generated/rflx-ethernet-frame.adb +++ b/tests/spark/generated/rflx-ethernet-frame.adb @@ -114,8 +114,8 @@ is F_Initial), when F_Payload => (if - RFLX_Types.U64 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 >= 46 - and RFLX_Types.U64 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 <= 1500 + RFLX_Types.S63 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 >= 46 + and RFLX_Types.S63 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 <= 1500 then F_Final else @@ -206,7 +206,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Payload); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -231,7 +231,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -292,7 +292,7 @@ is Process_Payload (Ctx.Buffer.all (First .. Last)); end Generic_Get_Payload; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -403,7 +403,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -411,8 +411,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -474,37 +474,38 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Destination (Ctx : in out Context; Val : RFLX.Ethernet.Address) is begin - Set_Scalar (Ctx, F_Destination, To_U64 (Val)); + Set_Scalar (Ctx, F_Destination, To_S63 (Val)); end Set_Destination; procedure Set_Source (Ctx : in out Context; Val : RFLX.Ethernet.Address) is begin - Set_Scalar (Ctx, F_Source, To_U64 (Val)); + Set_Scalar (Ctx, F_Source, To_S63 (Val)); end Set_Source; procedure Set_Type_Length_TPID (Ctx : in out Context; Val : RFLX.Ethernet.Type_Length) is begin - Set_Scalar (Ctx, F_Type_Length_TPID, To_U64 (Val)); + Set_Scalar (Ctx, F_Type_Length_TPID, To_S63 (Val)); end Set_Type_Length_TPID; procedure Set_TPID (Ctx : in out Context; Val : RFLX.Ethernet.TPID) is begin - Set_Scalar (Ctx, F_TPID, To_U64 (Val)); + Set_Scalar (Ctx, F_TPID, To_S63 (Val)); end Set_TPID; procedure Set_TCI (Ctx : in out Context; Val : RFLX.Ethernet.TCI) is begin - Set_Scalar (Ctx, F_TCI, To_U64 (Val)); + Set_Scalar (Ctx, F_TCI, To_S63 (Val)); end Set_TCI; procedure Set_Type_Length (Ctx : in out Context; Val : RFLX.Ethernet.Type_Length) is begin - Set_Scalar (Ctx, F_Type_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Type_Length, To_S63 (Val)); end Set_Type_Length; procedure Initialize_Payload_Private (Ctx : in out Context; Length : RFLX_Types.Length) with diff --git a/tests/spark/generated/rflx-ethernet-frame.ads b/tests/spark/generated/rflx-ethernet-frame.ads index 54b61ef17..3b774b459 100644 --- a/tests/spark/generated/rflx-ethernet-frame.ads +++ b/tests/spark/generated/rflx-ethernet-frame.ads @@ -8,9 +8,9 @@ package RFLX.Ethernet.Frame with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length := 0) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length := 0) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -446,8 +446,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Destination) - and then RFLX.Ethernet.Valid_Address (To_U64 (Val)) - and then Field_Condition (Ctx, F_Destination, To_U64 (Val)) + and then RFLX.Ethernet.Valid_Address (To_S63 (Val)) + and then Field_Condition (Ctx, F_Destination, To_S63 (Val)) and then Available_Space (Ctx, F_Destination) >= Field_Size (Ctx, F_Destination), Post => Has_Buffer (Ctx) @@ -474,8 +474,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Source) - and then RFLX.Ethernet.Valid_Address (To_U64 (Val)) - and then Field_Condition (Ctx, F_Source, To_U64 (Val)) + and then RFLX.Ethernet.Valid_Address (To_S63 (Val)) + and then Field_Condition (Ctx, F_Source, To_S63 (Val)) and then Available_Space (Ctx, F_Source) >= Field_Size (Ctx, F_Source), Post => Has_Buffer (Ctx) @@ -504,8 +504,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Type_Length_TPID) - and then RFLX.Ethernet.Valid_Type_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Type_Length_TPID, To_U64 (Val)) + and then RFLX.Ethernet.Valid_Type_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Type_Length_TPID, To_S63 (Val)) and then Available_Space (Ctx, F_Type_Length_TPID) >= Field_Size (Ctx, F_Type_Length_TPID), Post => Has_Buffer (Ctx) @@ -542,8 +542,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_TPID) - and then RFLX.Ethernet.Valid_TPID (To_U64 (Val)) - and then Field_Condition (Ctx, F_TPID, To_U64 (Val)) + and then RFLX.Ethernet.Valid_TPID (To_S63 (Val)) + and then Field_Condition (Ctx, F_TPID, To_S63 (Val)) and then Available_Space (Ctx, F_TPID) >= Field_Size (Ctx, F_TPID), Post => Has_Buffer (Ctx) @@ -571,8 +571,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_TCI) - and then RFLX.Ethernet.Valid_TCI (To_U64 (Val)) - and then Field_Condition (Ctx, F_TCI, To_U64 (Val)) + and then RFLX.Ethernet.Valid_TCI (To_S63 (Val)) + and then Field_Condition (Ctx, F_TCI, To_S63 (Val)) and then Available_Space (Ctx, F_TCI) >= Field_Size (Ctx, F_TCI), Post => Has_Buffer (Ctx) @@ -600,8 +600,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Type_Length) - and then RFLX.Ethernet.Valid_Type_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Type_Length, To_U64 (Val)) + and then RFLX.Ethernet.Valid_Type_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Type_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Type_Length) >= Field_Size (Ctx, F_Type_Length), Post => Has_Buffer (Ctx) @@ -742,7 +742,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -945,7 +945,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Destination | F_Source => RFLX.Ethernet.Valid_Address (Val), @@ -980,7 +980,7 @@ private when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length := 0) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length := 0) return Boolean is ((case Fld is when F_Destination | F_Source => True, @@ -993,8 +993,8 @@ private Val <= 1500 or Val >= 1536, when F_Payload => - RFLX_Types.U64 (Size) / 8 >= 46 - and RFLX_Types.U64 (Size) / 8 <= 1500)); + RFLX_Types.S63 (Size) / 8 >= 46 + and RFLX_Types.S63 (Size) / 8 <= 1500)); function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is ((case Fld is @@ -1104,13 +1104,13 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Payload) - and then (RFLX_Types.U64 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 >= 46 - and RFLX_Types.U64 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 <= 1500)); + and then (RFLX_Types.S63 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 >= 46 + and RFLX_Types.S63 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 <= 1500)); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Payload) - and then (RFLX_Types.U64 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 >= 46 - and RFLX_Types.U64 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 <= 1500)); + and then (RFLX_Types.S63 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 >= 46 + and RFLX_Types.S63 (Ctx.Cursors (F_Payload).Last - Ctx.Cursors (F_Payload).First + 1) / 8 <= 1500)); function Incomplete_Message (Ctx : Context) return Boolean is ((for some F in Field => diff --git a/tests/spark/generated/rflx-ethernet.ads b/tests/spark/generated/rflx-ethernet.ads index 8f9ae5bed..ef639cf44 100644 --- a/tests/spark/generated/rflx-ethernet.ads +++ b/tests/spark/generated/rflx-ethernet.ads @@ -10,15 +10,15 @@ is Size => 48; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Address (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Address (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 281474976710655); - function To_U64 (Val : RFLX.Ethernet.Address) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Ethernet.Address) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Ethernet.Address is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Ethernet.Address is (RFLX.Ethernet.Address (Val)) with Pre => @@ -28,14 +28,14 @@ is Size => 16; - function Valid_Type_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Type_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val >= 46 and Val <= 65535); - function To_U64 (Val : RFLX.Ethernet.Type_Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Ethernet.Type_Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Ethernet.Type_Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Ethernet.Type_Length is (RFLX.Ethernet.Type_Length (Val)) with Pre => @@ -45,13 +45,13 @@ is Size => 16; - function Valid_TPID (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_TPID (Val : RFLX.RFLX_Types.S63) return Boolean is (Val = 16#8100#); - function To_U64 (Val : RFLX.Ethernet.TPID) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Ethernet.TPID) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Ethernet.TPID is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Ethernet.TPID is (RFLX.Ethernet.TPID (Val)) with Pre => @@ -61,13 +61,13 @@ is Size => 16; - function Valid_TCI (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_TCI (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Ethernet.TCI) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Ethernet.TCI) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Ethernet.TCI is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Ethernet.TCI is (RFLX.Ethernet.TCI (Val)) with Pre => diff --git a/tests/spark/generated/rflx-expression-message.adb b/tests/spark/generated/rflx-expression-message.adb index b43a85c70..2150db36f 100644 --- a/tests/spark/generated/rflx-expression-message.adb +++ b/tests/spark/generated/rflx-expression-message.adb @@ -144,7 +144,7 @@ is end Reset_Dependent_Fields; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) diff --git a/tests/spark/generated/rflx-expression-message.ads b/tests/spark/generated/rflx-expression-message.ads index 9a2ca0359..7678ae654 100644 --- a/tests/spark/generated/rflx-expression-message.ads +++ b/tests/spark/generated/rflx-expression-message.ads @@ -8,9 +8,9 @@ package RFLX.Expression.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,13 +24,13 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -239,7 +239,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.S63) return Boolean with Post => True; @@ -529,7 +529,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -620,7 +620,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Unused_Fld : Field; Unused_Val : RFLX_Types.S63) return Boolean is (True); function Path_Condition (Ctx : Context; Fld : Field) return Boolean is diff --git a/tests/spark/generated/rflx-fixed_size-simple_message.adb b/tests/spark/generated/rflx-fixed_size-simple_message.adb index f45576723..d38dffe30 100644 --- a/tests/spark/generated/rflx-fixed_size-simple_message.adb +++ b/tests/spark/generated/rflx-fixed_size-simple_message.adb @@ -84,8 +84,8 @@ is ((case Fld is when F_Message_Type => (if - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then F_Data else @@ -167,7 +167,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -190,7 +190,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -251,7 +251,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -282,8 +282,8 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)), @@ -318,7 +318,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -326,8 +326,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -336,8 +336,8 @@ is when F_Message_Type => Get_Message_Type (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)), @@ -358,12 +358,13 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type_Enum) is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Set_Message_Type (Ctx : in out Context; Val : RFLX.Universal.Option_Type) with @@ -372,7 +373,7 @@ is and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) and then RFLX.Universal.Valid_Option_Type (Val) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -380,8 +381,8 @@ is and Get_Message_Type (Ctx) = Val and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) @@ -393,7 +394,7 @@ is and Valid_Next (Ctx, F_Message_Type) = Valid_Next (Ctx, F_Message_Type)'Old is begin - Set_Scalar (Ctx, F_Message_Type, To_U64 (Val)); + Set_Scalar (Ctx, F_Message_Type, To_S63 (Val)); end Set_Message_Type; procedure Initialize_Data_Private (Ctx : in out Context; Length : RFLX_Types.Length) with diff --git a/tests/spark/generated/rflx-fixed_size-simple_message.ads b/tests/spark/generated/rflx-fixed_size-simple_message.ads index 1d17de2f0..6e5c4bc2b 100644 --- a/tests/spark/generated/rflx-fixed_size-simple_message.ads +++ b/tests/spark/generated/rflx-fixed_size-simple_message.ads @@ -10,9 +10,9 @@ package RFLX.Fixed_Size.Simple_Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -26,15 +26,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -243,7 +243,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -261,7 +261,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -428,8 +428,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Message_Type) - and then RFLX.Universal.Valid_Option_Type (To_U64 (Val)) - and then Field_Condition (Ctx, F_Message_Type, To_U64 (Val)) + and then RFLX.Universal.Valid_Option_Type (To_S63 (Val)) + and then Field_Condition (Ctx, F_Message_Type, To_S63 (Val)) and then Available_Space (Ctx, F_Message_Type) >= Field_Size (Ctx, F_Message_Type), Post => Has_Buffer (Ctx) @@ -437,8 +437,8 @@ is and Get_Message_Type (Ctx) = (True, Val) and Invalid (Ctx, F_Data) and (if - RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (To_U64 (Get_Message_Type (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)) + RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (To_S63 (Get_Message_Type (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)) then Predecessor (Ctx, F_Data) = F_Message_Type and Valid_Next (Ctx, F_Data)) @@ -577,7 +577,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -630,8 +630,8 @@ private then (Valid (Cursors (F_Message_Type)) and then Cursors (F_Data).Predecessor = F_Message_Type - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))))) and then ((if Invalid (Cursors (F_Message_Type)) then Invalid (Cursors (F_Data)))) and then (if Structural_Valid (Cursors (F_Message_Type)) @@ -641,8 +641,8 @@ private and then Cursors (F_Message_Type).First = First and then (if Structural_Valid (Cursors (F_Data)) - and then (RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data))) + and then (RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data))) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = 24 and then Cursors (F_Data).Predecessor = F_Message_Type @@ -682,7 +682,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => RFLX.Universal.Valid_Option_Type (Val), @@ -694,14 +694,14 @@ private when F_Initial | F_Data | F_Final => True, when F_Message_Type => - RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or RFLX_Types.U64 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or RFLX_Types.S63 (Ctx.Cursors (F_Message_Type).Value) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Message_Type => - Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)), when F_Data => True)); @@ -797,7 +797,7 @@ private function Valid_Structure (Struct : Structure) return Boolean is (RFLX.Universal.Valid_Option_Type (Struct.Message_Type) - and then (To_U64 (Struct.Message_Type) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Null)) - or To_U64 (Struct.Message_Type) = RFLX_Types.U64 (To_U64 (RFLX.Universal.OT_Data)))); + and then (To_S63 (Struct.Message_Type) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Null)) + or To_S63 (Struct.Message_Type) = RFLX_Types.S63 (To_S63 (RFLX.Universal.OT_Data)))); end RFLX.Fixed_Size.Simple_Message; diff --git a/tests/spark/generated/rflx-icmp-message.adb b/tests/spark/generated/rflx-icmp-message.adb index 1889616ae..107e5f442 100644 --- a/tests/spark/generated/rflx-icmp-message.adb +++ b/tests/spark/generated/rflx-icmp-message.adb @@ -84,26 +84,26 @@ is ((case Fld is when F_Tag => (if - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) then F_Code_Destination_Unreachable elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then F_Code_Redirect elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) then F_Code_Time_Exceeded elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then F_Code_Zero else @@ -112,26 +112,26 @@ is F_Checksum, when F_Checksum => (if - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then F_Gateway_Internet_Address elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) then F_Identifier elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then F_Pointer elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) then F_Unused_32 else @@ -146,18 +146,18 @@ is F_Data, when F_Sequence_Number => (if - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then F_Data elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) then F_Originate_Timestamp else @@ -276,7 +276,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -315,7 +315,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -381,7 +381,7 @@ is Process_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -412,29 +412,29 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) then Predecessor (Ctx, F_Code_Destination_Unreachable) = F_Tag and Valid_Next (Ctx, F_Code_Destination_Unreachable)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Predecessor (Ctx, F_Code_Redirect) = F_Tag and Valid_Next (Ctx, F_Code_Redirect)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) then Predecessor (Ctx, F_Code_Time_Exceeded) = F_Tag and Valid_Next (Ctx, F_Code_Time_Exceeded)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then Predecessor (Ctx, F_Code_Zero) = F_Tag and Valid_Next (Ctx, F_Code_Zero)), @@ -456,29 +456,29 @@ is when F_Checksum => Get_Checksum (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Predecessor (Ctx, F_Gateway_Internet_Address) = F_Checksum and Valid_Next (Ctx, F_Gateway_Internet_Address)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) then Predecessor (Ctx, F_Identifier) = F_Checksum and Valid_Next (Ctx, F_Identifier)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then Predecessor (Ctx, F_Pointer) = F_Checksum and Valid_Next (Ctx, F_Pointer)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) then Predecessor (Ctx, F_Unused_32) = F_Checksum and Valid_Next (Ctx, F_Unused_32)), @@ -500,14 +500,14 @@ is when F_Sequence_Number => Get_Sequence_Number (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then Predecessor (Ctx, F_Data) = F_Sequence_Number and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) then Predecessor (Ctx, F_Originate_Timestamp) = F_Sequence_Number and Valid_Next (Ctx, F_Originate_Timestamp)) @@ -570,8 +570,8 @@ is 224 elsif Ctx.Cursors (Fld).Predecessor = F_Sequence_Number - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.ICMP.Echo_Request))) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number).Last) elsif @@ -594,7 +594,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -602,8 +602,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -612,29 +612,29 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) then Predecessor (Ctx, F_Code_Destination_Unreachable) = F_Tag and Valid_Next (Ctx, F_Code_Destination_Unreachable)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Predecessor (Ctx, F_Code_Redirect) = F_Tag and Valid_Next (Ctx, F_Code_Redirect)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) then Predecessor (Ctx, F_Code_Time_Exceeded) = F_Tag and Valid_Next (Ctx, F_Code_Time_Exceeded)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then Predecessor (Ctx, F_Code_Zero) = F_Tag and Valid_Next (Ctx, F_Code_Zero)), @@ -656,29 +656,29 @@ is when F_Checksum => Get_Checksum (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Predecessor (Ctx, F_Gateway_Internet_Address) = F_Checksum and Valid_Next (Ctx, F_Gateway_Internet_Address)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) then Predecessor (Ctx, F_Identifier) = F_Checksum and Valid_Next (Ctx, F_Identifier)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then Predecessor (Ctx, F_Pointer) = F_Checksum and Valid_Next (Ctx, F_Pointer)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) then Predecessor (Ctx, F_Unused_32) = F_Checksum and Valid_Next (Ctx, F_Unused_32)), @@ -700,14 +700,14 @@ is when F_Sequence_Number => Get_Sequence_Number (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then Predecessor (Ctx, F_Data) = F_Sequence_Number and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) then Predecessor (Ctx, F_Originate_Timestamp) = F_Sequence_Number and Valid_Next (Ctx, F_Originate_Timestamp)) @@ -743,82 +743,83 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Tag (Ctx : in out Context; Val : RFLX.ICMP.Tag) is begin - Set_Scalar (Ctx, F_Tag, To_U64 (Val)); + Set_Scalar (Ctx, F_Tag, To_S63 (Val)); end Set_Tag; procedure Set_Code_Destination_Unreachable (Ctx : in out Context; Val : RFLX.ICMP.Code_Destination_Unreachable) is begin - Set_Scalar (Ctx, F_Code_Destination_Unreachable, To_U64 (Val)); + Set_Scalar (Ctx, F_Code_Destination_Unreachable, To_S63 (Val)); end Set_Code_Destination_Unreachable; procedure Set_Code_Redirect (Ctx : in out Context; Val : RFLX.ICMP.Code_Redirect) is begin - Set_Scalar (Ctx, F_Code_Redirect, To_U64 (Val)); + Set_Scalar (Ctx, F_Code_Redirect, To_S63 (Val)); end Set_Code_Redirect; procedure Set_Code_Time_Exceeded (Ctx : in out Context; Val : RFLX.ICMP.Code_Time_Exceeded) is begin - Set_Scalar (Ctx, F_Code_Time_Exceeded, To_U64 (Val)); + Set_Scalar (Ctx, F_Code_Time_Exceeded, To_S63 (Val)); end Set_Code_Time_Exceeded; procedure Set_Code_Zero (Ctx : in out Context; Val : RFLX.ICMP.Code_Zero) is begin - Set_Scalar (Ctx, F_Code_Zero, To_U64 (Val)); + Set_Scalar (Ctx, F_Code_Zero, To_S63 (Val)); end Set_Code_Zero; procedure Set_Checksum (Ctx : in out Context; Val : RFLX.ICMP.Checksum) is begin - Set_Scalar (Ctx, F_Checksum, To_U64 (Val)); + Set_Scalar (Ctx, F_Checksum, To_S63 (Val)); end Set_Checksum; procedure Set_Gateway_Internet_Address (Ctx : in out Context; Val : RFLX.ICMP.Gateway_Internet_Address) is begin - Set_Scalar (Ctx, F_Gateway_Internet_Address, To_U64 (Val)); + Set_Scalar (Ctx, F_Gateway_Internet_Address, To_S63 (Val)); end Set_Gateway_Internet_Address; procedure Set_Identifier (Ctx : in out Context; Val : RFLX.ICMP.Identifier) is begin - Set_Scalar (Ctx, F_Identifier, To_U64 (Val)); + Set_Scalar (Ctx, F_Identifier, To_S63 (Val)); end Set_Identifier; procedure Set_Pointer (Ctx : in out Context; Val : RFLX.ICMP.Pointer) is begin - Set_Scalar (Ctx, F_Pointer, To_U64 (Val)); + Set_Scalar (Ctx, F_Pointer, To_S63 (Val)); end Set_Pointer; procedure Set_Unused_32 (Ctx : in out Context; Val : RFLX.ICMP.Unused_32) is begin - Set_Scalar (Ctx, F_Unused_32, To_U64 (Val)); + Set_Scalar (Ctx, F_Unused_32, To_S63 (Val)); end Set_Unused_32; procedure Set_Sequence_Number (Ctx : in out Context; Val : RFLX.ICMP.Sequence_Number) is begin - Set_Scalar (Ctx, F_Sequence_Number, To_U64 (Val)); + Set_Scalar (Ctx, F_Sequence_Number, To_S63 (Val)); end Set_Sequence_Number; procedure Set_Unused_24 (Ctx : in out Context; Val : RFLX.ICMP.Unused_24) is begin - Set_Scalar (Ctx, F_Unused_24, To_U64 (Val)); + Set_Scalar (Ctx, F_Unused_24, To_S63 (Val)); end Set_Unused_24; procedure Set_Originate_Timestamp (Ctx : in out Context; Val : RFLX.ICMP.Timestamp) is begin - Set_Scalar (Ctx, F_Originate_Timestamp, To_U64 (Val)); + Set_Scalar (Ctx, F_Originate_Timestamp, To_S63 (Val)); end Set_Originate_Timestamp; procedure Set_Receive_Timestamp (Ctx : in out Context; Val : RFLX.ICMP.Timestamp) is begin - Set_Scalar (Ctx, F_Receive_Timestamp, To_U64 (Val)); + Set_Scalar (Ctx, F_Receive_Timestamp, To_S63 (Val)); end Set_Receive_Timestamp; procedure Set_Transmit_Timestamp (Ctx : in out Context; Val : RFLX.ICMP.Timestamp) is begin - Set_Scalar (Ctx, F_Transmit_Timestamp, To_U64 (Val)); + Set_Scalar (Ctx, F_Transmit_Timestamp, To_S63 (Val)); end Set_Transmit_Timestamp; procedure Set_Data_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-icmp-message.ads b/tests/spark/generated/rflx-icmp-message.ads index 0eb6a1c4c..5c83978b9 100644 --- a/tests/spark/generated/rflx-icmp-message.ads +++ b/tests/spark/generated/rflx-icmp-message.ads @@ -8,9 +8,9 @@ package RFLX.ICMP.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -482,8 +482,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Tag) - and then RFLX.ICMP.Valid_Tag (To_U64 (Val)) - and then Field_Condition (Ctx, F_Tag, To_U64 (Val)) + and then RFLX.ICMP.Valid_Tag (To_S63 (Val)) + and then Field_Condition (Ctx, F_Tag, To_S63 (Val)) and then Available_Space (Ctx, F_Tag) >= Field_Size (Ctx, F_Tag), Post => Has_Buffer (Ctx) @@ -505,29 +505,29 @@ is and Invalid (Ctx, F_Receive_Timestamp) and Invalid (Ctx, F_Transmit_Timestamp) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) then Predecessor (Ctx, F_Code_Destination_Unreachable) = F_Tag and Valid_Next (Ctx, F_Code_Destination_Unreachable)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Predecessor (Ctx, F_Code_Redirect) = F_Tag and Valid_Next (Ctx, F_Code_Redirect)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) then Predecessor (Ctx, F_Code_Time_Exceeded) = F_Tag and Valid_Next (Ctx, F_Code_Time_Exceeded)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then Predecessor (Ctx, F_Code_Zero) = F_Tag and Valid_Next (Ctx, F_Code_Zero)) @@ -544,8 +544,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Code_Destination_Unreachable) - and then RFLX.ICMP.Valid_Code_Destination_Unreachable (To_U64 (Val)) - and then Field_Condition (Ctx, F_Code_Destination_Unreachable, To_U64 (Val)) + and then RFLX.ICMP.Valid_Code_Destination_Unreachable (To_S63 (Val)) + and then Field_Condition (Ctx, F_Code_Destination_Unreachable, To_S63 (Val)) and then Available_Space (Ctx, F_Code_Destination_Unreachable) >= Field_Size (Ctx, F_Code_Destination_Unreachable), Post => Has_Buffer (Ctx) @@ -583,8 +583,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Code_Redirect) - and then RFLX.ICMP.Valid_Code_Redirect (To_U64 (Val)) - and then Field_Condition (Ctx, F_Code_Redirect, To_U64 (Val)) + and then RFLX.ICMP.Valid_Code_Redirect (To_S63 (Val)) + and then Field_Condition (Ctx, F_Code_Redirect, To_S63 (Val)) and then Available_Space (Ctx, F_Code_Redirect) >= Field_Size (Ctx, F_Code_Redirect), Post => Has_Buffer (Ctx) @@ -621,8 +621,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Code_Time_Exceeded) - and then RFLX.ICMP.Valid_Code_Time_Exceeded (To_U64 (Val)) - and then Field_Condition (Ctx, F_Code_Time_Exceeded, To_U64 (Val)) + and then RFLX.ICMP.Valid_Code_Time_Exceeded (To_S63 (Val)) + and then Field_Condition (Ctx, F_Code_Time_Exceeded, To_S63 (Val)) and then Available_Space (Ctx, F_Code_Time_Exceeded) >= Field_Size (Ctx, F_Code_Time_Exceeded), Post => Has_Buffer (Ctx) @@ -658,8 +658,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Code_Zero) - and then RFLX.ICMP.Valid_Code_Zero (To_U64 (Val)) - and then Field_Condition (Ctx, F_Code_Zero, To_U64 (Val)) + and then RFLX.ICMP.Valid_Code_Zero (To_S63 (Val)) + and then Field_Condition (Ctx, F_Code_Zero, To_S63 (Val)) and then Available_Space (Ctx, F_Code_Zero) >= Field_Size (Ctx, F_Code_Zero), Post => Has_Buffer (Ctx) @@ -693,8 +693,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Checksum) - and then RFLX.ICMP.Valid_Checksum (To_U64 (Val)) - and then Field_Condition (Ctx, F_Checksum, To_U64 (Val)) + and then RFLX.ICMP.Valid_Checksum (To_S63 (Val)) + and then Field_Condition (Ctx, F_Checksum, To_S63 (Val)) and then Available_Space (Ctx, F_Checksum) >= Field_Size (Ctx, F_Checksum), Post => Has_Buffer (Ctx) @@ -711,29 +711,29 @@ is and Invalid (Ctx, F_Receive_Timestamp) and Invalid (Ctx, F_Transmit_Timestamp) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Predecessor (Ctx, F_Gateway_Internet_Address) = F_Checksum and Valid_Next (Ctx, F_Gateway_Internet_Address)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) then Predecessor (Ctx, F_Identifier) = F_Checksum and Valid_Next (Ctx, F_Identifier)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then Predecessor (Ctx, F_Pointer) = F_Checksum and Valid_Next (Ctx, F_Pointer)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) then Predecessor (Ctx, F_Unused_32) = F_Checksum and Valid_Next (Ctx, F_Unused_32)) @@ -753,8 +753,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Gateway_Internet_Address) - and then RFLX.ICMP.Valid_Gateway_Internet_Address (To_U64 (Val)) - and then Field_Condition (Ctx, F_Gateway_Internet_Address, To_U64 (Val)) + and then RFLX.ICMP.Valid_Gateway_Internet_Address (To_S63 (Val)) + and then Field_Condition (Ctx, F_Gateway_Internet_Address, To_S63 (Val)) and then Available_Space (Ctx, F_Gateway_Internet_Address) >= Field_Size (Ctx, F_Gateway_Internet_Address), Post => Has_Buffer (Ctx) @@ -788,8 +788,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Identifier) - and then RFLX.ICMP.Valid_Identifier (To_U64 (Val)) - and then Field_Condition (Ctx, F_Identifier, To_U64 (Val)) + and then RFLX.ICMP.Valid_Identifier (To_S63 (Val)) + and then Field_Condition (Ctx, F_Identifier, To_S63 (Val)) and then Available_Space (Ctx, F_Identifier) >= Field_Size (Ctx, F_Identifier), Post => Has_Buffer (Ctx) @@ -822,8 +822,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Pointer) - and then RFLX.ICMP.Valid_Pointer (To_U64 (Val)) - and then Field_Condition (Ctx, F_Pointer, To_U64 (Val)) + and then RFLX.ICMP.Valid_Pointer (To_S63 (Val)) + and then Field_Condition (Ctx, F_Pointer, To_S63 (Val)) and then Available_Space (Ctx, F_Pointer) >= Field_Size (Ctx, F_Pointer), Post => Has_Buffer (Ctx) @@ -855,8 +855,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Unused_32) - and then RFLX.ICMP.Valid_Unused_32 (To_U64 (Val)) - and then Field_Condition (Ctx, F_Unused_32, To_U64 (Val)) + and then RFLX.ICMP.Valid_Unused_32 (To_S63 (Val)) + and then Field_Condition (Ctx, F_Unused_32, To_S63 (Val)) and then Available_Space (Ctx, F_Unused_32) >= Field_Size (Ctx, F_Unused_32), Post => Has_Buffer (Ctx) @@ -886,8 +886,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Sequence_Number) - and then RFLX.ICMP.Valid_Sequence_Number (To_U64 (Val)) - and then Field_Condition (Ctx, F_Sequence_Number, To_U64 (Val)) + and then RFLX.ICMP.Valid_Sequence_Number (To_S63 (Val)) + and then Field_Condition (Ctx, F_Sequence_Number, To_S63 (Val)) and then Available_Space (Ctx, F_Sequence_Number) >= Field_Size (Ctx, F_Sequence_Number), Post => Has_Buffer (Ctx) @@ -900,14 +900,14 @@ is and Invalid (Ctx, F_Receive_Timestamp) and Invalid (Ctx, F_Transmit_Timestamp) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) then Predecessor (Ctx, F_Data) = F_Sequence_Number and Valid_Next (Ctx, F_Data)) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) then Predecessor (Ctx, F_Originate_Timestamp) = F_Sequence_Number and Valid_Next (Ctx, F_Originate_Timestamp)) @@ -929,8 +929,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Unused_24) - and then RFLX.ICMP.Valid_Unused_24 (To_U64 (Val)) - and then Field_Condition (Ctx, F_Unused_24, To_U64 (Val)) + and then RFLX.ICMP.Valid_Unused_24 (To_S63 (Val)) + and then Field_Condition (Ctx, F_Unused_24, To_S63 (Val)) and then Available_Space (Ctx, F_Unused_24) >= Field_Size (Ctx, F_Unused_24), Post => Has_Buffer (Ctx) @@ -959,8 +959,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Originate_Timestamp) - and then RFLX.ICMP.Valid_Timestamp (To_U64 (Val)) - and then Field_Condition (Ctx, F_Originate_Timestamp, To_U64 (Val)) + and then RFLX.ICMP.Valid_Timestamp (To_S63 (Val)) + and then Field_Condition (Ctx, F_Originate_Timestamp, To_S63 (Val)) and then Available_Space (Ctx, F_Originate_Timestamp) >= Field_Size (Ctx, F_Originate_Timestamp), Post => Has_Buffer (Ctx) @@ -990,8 +990,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Receive_Timestamp) - and then RFLX.ICMP.Valid_Timestamp (To_U64 (Val)) - and then Field_Condition (Ctx, F_Receive_Timestamp, To_U64 (Val)) + and then RFLX.ICMP.Valid_Timestamp (To_S63 (Val)) + and then Field_Condition (Ctx, F_Receive_Timestamp, To_S63 (Val)) and then Available_Space (Ctx, F_Receive_Timestamp) >= Field_Size (Ctx, F_Receive_Timestamp), Post => Has_Buffer (Ctx) @@ -1020,8 +1020,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Transmit_Timestamp) - and then RFLX.ICMP.Valid_Timestamp (To_U64 (Val)) - and then Field_Condition (Ctx, F_Transmit_Timestamp, To_U64 (Val)) + and then RFLX.ICMP.Valid_Timestamp (To_S63 (Val)) + and then Field_Condition (Ctx, F_Transmit_Timestamp, To_S63 (Val)) and then Available_Space (Ctx, F_Transmit_Timestamp) >= Field_Size (Ctx, F_Transmit_Timestamp), Post => Has_Buffer (Ctx) @@ -1181,7 +1181,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1234,32 +1234,32 @@ private then (Valid (Cursors (F_Tag)) and then Cursors (F_Code_Destination_Unreachable).Predecessor = F_Tag - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)))) and then (if Structural_Valid (Cursors (F_Code_Redirect)) then (Valid (Cursors (F_Tag)) and then Cursors (F_Code_Redirect).Predecessor = F_Tag - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)))) and then (if Structural_Valid (Cursors (F_Code_Time_Exceeded)) then (Valid (Cursors (F_Tag)) and then Cursors (F_Code_Time_Exceeded).Predecessor = F_Tag - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)))) and then (if Structural_Valid (Cursors (F_Code_Zero)) then (Valid (Cursors (F_Tag)) and then Cursors (F_Code_Zero).Predecessor = F_Tag - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request))))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request))))) and then (if Structural_Valid (Cursors (F_Checksum)) then @@ -1276,32 +1276,32 @@ private then (Valid (Cursors (F_Checksum)) and then Cursors (F_Gateway_Internet_Address).Predecessor = F_Checksum - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)))) and then (if Structural_Valid (Cursors (F_Identifier)) then (Valid (Cursors (F_Checksum)) and then Cursors (F_Identifier).Predecessor = F_Checksum - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply))))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply))))) and then (if Structural_Valid (Cursors (F_Pointer)) then (Valid (Cursors (F_Checksum)) and then Cursors (F_Pointer).Predecessor = F_Checksum - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)))) and then (if Structural_Valid (Cursors (F_Unused_32)) then (Valid (Cursors (F_Checksum)) and then Cursors (F_Unused_32).Predecessor = F_Checksum - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench))))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench))))) and then (if Structural_Valid (Cursors (F_Sequence_Number)) then @@ -1317,8 +1317,8 @@ private then (Valid (Cursors (F_Sequence_Number)) and then Cursors (F_Originate_Timestamp).Predecessor = F_Sequence_Number - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply))))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply))))) and then (if Structural_Valid (Cursors (F_Data)) then @@ -1326,8 +1326,8 @@ private and then Cursors (F_Data).Predecessor = F_Gateway_Internet_Address) or (Valid (Cursors (F_Sequence_Number)) and then Cursors (F_Data).Predecessor = F_Sequence_Number - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)))) or (Valid (Cursors (F_Unused_24)) and then Cursors (F_Data).Predecessor = F_Unused_24) or (Valid (Cursors (F_Unused_32)) @@ -1377,7 +1377,7 @@ private and then Cursors (F_Tag).First = First and then (if Structural_Valid (Cursors (F_Code_Destination_Unreachable)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) then Cursors (F_Code_Destination_Unreachable).Last - Cursors (F_Code_Destination_Unreachable).First + 1 = 8 and then Cursors (F_Code_Destination_Unreachable).Predecessor = F_Tag @@ -1390,7 +1390,7 @@ private and then Cursors (F_Checksum).First = Cursors (F_Code_Destination_Unreachable).Last + 1 and then (if Structural_Valid (Cursors (F_Gateway_Internet_Address)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Cursors (F_Gateway_Internet_Address).Last - Cursors (F_Gateway_Internet_Address).First + 1 = 32 and then Cursors (F_Gateway_Internet_Address).Predecessor = F_Checksum @@ -1403,12 +1403,12 @@ private and then Cursors (F_Data).First = Cursors (F_Gateway_Internet_Address).Last + 1)) and then (if Structural_Valid (Cursors (F_Identifier)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply))) then Cursors (F_Identifier).Last - Cursors (F_Identifier).First + 1 = 16 and then Cursors (F_Identifier).Predecessor = F_Checksum @@ -1421,16 +1421,16 @@ private and then Cursors (F_Sequence_Number).First = Cursors (F_Identifier).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request))) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number).Last) and then Cursors (F_Data).Predecessor = F_Sequence_Number and then Cursors (F_Data).First = Cursors (F_Sequence_Number).Last + 1) and then (if Structural_Valid (Cursors (F_Originate_Timestamp)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply))) then Cursors (F_Originate_Timestamp).Last - Cursors (F_Originate_Timestamp).First + 1 = 32 and then Cursors (F_Originate_Timestamp).Predecessor = F_Sequence_Number @@ -1449,7 +1449,7 @@ private and then Cursors (F_Transmit_Timestamp).First = Cursors (F_Receive_Timestamp).Last + 1))))) and then (if Structural_Valid (Cursors (F_Pointer)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then Cursors (F_Pointer).Last - Cursors (F_Pointer).First + 1 = 8 and then Cursors (F_Pointer).Predecessor = F_Checksum @@ -1468,9 +1468,9 @@ private and then Cursors (F_Data).First = Cursors (F_Unused_24).Last + 1))) and then (if Structural_Valid (Cursors (F_Unused_32)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench))) then Cursors (F_Unused_32).Last - Cursors (F_Unused_32).First + 1 = 32 and then Cursors (F_Unused_32).Predecessor = F_Checksum @@ -1483,7 +1483,7 @@ private and then Cursors (F_Data).First = Cursors (F_Unused_32).Last + 1)))) and then (if Structural_Valid (Cursors (F_Code_Redirect)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Cursors (F_Code_Redirect).Last - Cursors (F_Code_Redirect).First + 1 = 8 and then Cursors (F_Code_Redirect).Predecessor = F_Tag @@ -1496,7 +1496,7 @@ private and then Cursors (F_Checksum).First = Cursors (F_Code_Redirect).Last + 1 and then (if Structural_Valid (Cursors (F_Gateway_Internet_Address)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Cursors (F_Gateway_Internet_Address).Last - Cursors (F_Gateway_Internet_Address).First + 1 = 32 and then Cursors (F_Gateway_Internet_Address).Predecessor = F_Checksum @@ -1509,12 +1509,12 @@ private and then Cursors (F_Data).First = Cursors (F_Gateway_Internet_Address).Last + 1)) and then (if Structural_Valid (Cursors (F_Identifier)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply))) then Cursors (F_Identifier).Last - Cursors (F_Identifier).First + 1 = 16 and then Cursors (F_Identifier).Predecessor = F_Checksum @@ -1527,16 +1527,16 @@ private and then Cursors (F_Sequence_Number).First = Cursors (F_Identifier).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request))) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number).Last) and then Cursors (F_Data).Predecessor = F_Sequence_Number and then Cursors (F_Data).First = Cursors (F_Sequence_Number).Last + 1) and then (if Structural_Valid (Cursors (F_Originate_Timestamp)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply))) then Cursors (F_Originate_Timestamp).Last - Cursors (F_Originate_Timestamp).First + 1 = 32 and then Cursors (F_Originate_Timestamp).Predecessor = F_Sequence_Number @@ -1555,7 +1555,7 @@ private and then Cursors (F_Transmit_Timestamp).First = Cursors (F_Receive_Timestamp).Last + 1))))) and then (if Structural_Valid (Cursors (F_Pointer)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then Cursors (F_Pointer).Last - Cursors (F_Pointer).First + 1 = 8 and then Cursors (F_Pointer).Predecessor = F_Checksum @@ -1574,9 +1574,9 @@ private and then Cursors (F_Data).First = Cursors (F_Unused_24).Last + 1))) and then (if Structural_Valid (Cursors (F_Unused_32)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench))) then Cursors (F_Unused_32).Last - Cursors (F_Unused_32).First + 1 = 32 and then Cursors (F_Unused_32).Predecessor = F_Checksum @@ -1589,7 +1589,7 @@ private and then Cursors (F_Data).First = Cursors (F_Unused_32).Last + 1)))) and then (if Structural_Valid (Cursors (F_Code_Time_Exceeded)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) then Cursors (F_Code_Time_Exceeded).Last - Cursors (F_Code_Time_Exceeded).First + 1 = 8 and then Cursors (F_Code_Time_Exceeded).Predecessor = F_Tag @@ -1602,7 +1602,7 @@ private and then Cursors (F_Checksum).First = Cursors (F_Code_Time_Exceeded).Last + 1 and then (if Structural_Valid (Cursors (F_Gateway_Internet_Address)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Cursors (F_Gateway_Internet_Address).Last - Cursors (F_Gateway_Internet_Address).First + 1 = 32 and then Cursors (F_Gateway_Internet_Address).Predecessor = F_Checksum @@ -1615,12 +1615,12 @@ private and then Cursors (F_Data).First = Cursors (F_Gateway_Internet_Address).Last + 1)) and then (if Structural_Valid (Cursors (F_Identifier)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply))) then Cursors (F_Identifier).Last - Cursors (F_Identifier).First + 1 = 16 and then Cursors (F_Identifier).Predecessor = F_Checksum @@ -1633,16 +1633,16 @@ private and then Cursors (F_Sequence_Number).First = Cursors (F_Identifier).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request))) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number).Last) and then Cursors (F_Data).Predecessor = F_Sequence_Number and then Cursors (F_Data).First = Cursors (F_Sequence_Number).Last + 1) and then (if Structural_Valid (Cursors (F_Originate_Timestamp)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply))) then Cursors (F_Originate_Timestamp).Last - Cursors (F_Originate_Timestamp).First + 1 = 32 and then Cursors (F_Originate_Timestamp).Predecessor = F_Sequence_Number @@ -1661,7 +1661,7 @@ private and then Cursors (F_Transmit_Timestamp).First = Cursors (F_Receive_Timestamp).Last + 1))))) and then (if Structural_Valid (Cursors (F_Pointer)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then Cursors (F_Pointer).Last - Cursors (F_Pointer).First + 1 = 8 and then Cursors (F_Pointer).Predecessor = F_Checksum @@ -1680,9 +1680,9 @@ private and then Cursors (F_Data).First = Cursors (F_Unused_24).Last + 1))) and then (if Structural_Valid (Cursors (F_Unused_32)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench))) then Cursors (F_Unused_32).Last - Cursors (F_Unused_32).First + 1 = 32 and then Cursors (F_Unused_32).Predecessor = F_Checksum @@ -1695,14 +1695,14 @@ private and then Cursors (F_Data).First = Cursors (F_Unused_32).Last + 1)))) and then (if Structural_Valid (Cursors (F_Code_Zero)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request))) then Cursors (F_Code_Zero).Last - Cursors (F_Code_Zero).First + 1 = 8 and then Cursors (F_Code_Zero).Predecessor = F_Tag @@ -1715,7 +1715,7 @@ private and then Cursors (F_Checksum).First = Cursors (F_Code_Zero).Last + 1 and then (if Structural_Valid (Cursors (F_Gateway_Internet_Address)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) then Cursors (F_Gateway_Internet_Address).Last - Cursors (F_Gateway_Internet_Address).First + 1 = 32 and then Cursors (F_Gateway_Internet_Address).Predecessor = F_Checksum @@ -1728,12 +1728,12 @@ private and then Cursors (F_Data).First = Cursors (F_Gateway_Internet_Address).Last + 1)) and then (if Structural_Valid (Cursors (F_Identifier)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply))) then Cursors (F_Identifier).Last - Cursors (F_Identifier).First + 1 = 16 and then Cursors (F_Identifier).Predecessor = F_Checksum @@ -1746,16 +1746,16 @@ private and then Cursors (F_Sequence_Number).First = Cursors (F_Identifier).Last + 1 and then (if Structural_Valid (Cursors (F_Data)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request))) then Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number).Last) and then Cursors (F_Data).Predecessor = F_Sequence_Number and then Cursors (F_Data).First = Cursors (F_Sequence_Number).Last + 1) and then (if Structural_Valid (Cursors (F_Originate_Timestamp)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply))) then Cursors (F_Originate_Timestamp).Last - Cursors (F_Originate_Timestamp).First + 1 = 32 and then Cursors (F_Originate_Timestamp).Predecessor = F_Sequence_Number @@ -1774,7 +1774,7 @@ private and then Cursors (F_Transmit_Timestamp).First = Cursors (F_Receive_Timestamp).Last + 1))))) and then (if Structural_Valid (Cursors (F_Pointer)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) then Cursors (F_Pointer).Last - Cursors (F_Pointer).First + 1 = 8 and then Cursors (F_Pointer).Predecessor = F_Checksum @@ -1793,9 +1793,9 @@ private and then Cursors (F_Data).First = Cursors (F_Unused_24).Last + 1))) and then (if Structural_Valid (Cursors (F_Unused_32)) - and then (RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench))) + and then (RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench))) then Cursors (F_Unused_32).Last - Cursors (F_Unused_32).First + 1 = 32 and then Cursors (F_Unused_32).Predecessor = F_Checksum @@ -1841,7 +1841,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => RFLX.ICMP.Valid_Tag (Val), @@ -1881,89 +1881,89 @@ private when F_Tag => (case Fld is when F_Code_Destination_Unreachable => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)), when F_Code_Redirect => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)), when F_Code_Time_Exceeded => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)), when F_Code_Zero => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)), when others => False), when F_Checksum => (case Fld is when F_Gateway_Internet_Address => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)), when F_Identifier => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)), when F_Pointer => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)), when F_Unused_32 => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)), when others => False), when F_Sequence_Number => (case Fld is when F_Data => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)), when F_Originate_Timestamp => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)), when others => False))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => - Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)), + Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)), when F_Code_Destination_Unreachable | F_Code_Redirect | F_Code_Time_Exceeded | F_Code_Zero => True, when F_Checksum => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Redirect)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Parameter_Problem)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Time_Exceeded)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Destination_Unreachable)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Source_Quench)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Redirect)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Parameter_Problem)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Time_Exceeded)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Destination_Unreachable)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Source_Quench)), when F_Gateway_Internet_Address | F_Identifier | F_Pointer | F_Unused_32 => True, when F_Sequence_Number => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Echo_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Msg)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Timestamp_Reply)), + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Echo_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Msg)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Timestamp_Reply)), when F_Unused_24 | F_Originate_Timestamp | F_Data | F_Receive_Timestamp | F_Transmit_Timestamp => True)); @@ -1994,8 +1994,8 @@ private 224 elsif Ctx.Cursors (Fld).Predecessor = F_Sequence_Number - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.ICMP.Echo_Request))) then RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number).Last) elsif @@ -2106,15 +2106,15 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Data) or (Valid (Ctx, F_Sequence_Number) - and then (RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)))) + and then (RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)))) or Valid (Ctx, F_Transmit_Timestamp)); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Data) or (Valid (Ctx, F_Sequence_Number) - and then (RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Request)) - or RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.ICMP.Information_Reply)))) + and then (RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Request)) + or RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.ICMP.Information_Reply)))) or Valid (Ctx, F_Transmit_Timestamp)); function Incomplete_Message (Ctx : Context) return Boolean is @@ -2170,8 +2170,8 @@ private ((if Fld = F_Data and then Ctx.Cursors (Fld).Predecessor = F_Sequence_Number - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.ICMP.Echo_Reply)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_U64 (RFLX.ICMP.Echo_Request))) + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.ICMP.Echo_Reply)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Tag).Value) = RFLX_Types.Bit_Length (To_S63 (RFLX.ICMP.Echo_Request))) then Size <= Available_Space (Ctx, Fld) else diff --git a/tests/spark/generated/rflx-icmp.ads b/tests/spark/generated/rflx-icmp.ads index ca227e5af..bd80ccead 100644 --- a/tests/spark/generated/rflx-icmp.ads +++ b/tests/spark/generated/rflx-icmp.ads @@ -11,12 +11,12 @@ is 8; for Tag use (Echo_Reply => 0, Destination_Unreachable => 3, Source_Quench => 4, Redirect => 5, Echo_Request => 8, Time_Exceeded => 11, Parameter_Problem => 12, Timestamp_Msg => 13, Timestamp_Reply => 14, Information_Request => 15, Information_Reply => 16); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Tag (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Tag (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 8 | 3 | 11 | 12 | 4 | 5 | 13 | 14 | 15 | 16); - function To_U64 (Enum : RFLX.ICMP.Tag) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.ICMP.Tag) return RFLX.RFLX_Types.S63 is ((case Enum is when Echo_Reply => 0, @@ -43,7 +43,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Tag is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Tag is ((case Val is when 0 => Echo_Reply, @@ -80,10 +80,10 @@ is 8; for Code_Destination_Unreachable use (Net_Unreachable => 0, Host_Unreachable => 1, Protocol_Unreachable => 2, Port_Unreachable => 3, Fragmentation_Needed_DF_Set => 4, Source_Route_Failed => 5); - function Valid_Code_Destination_Unreachable (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Code_Destination_Unreachable (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3 | 4 | 5); - function To_U64 (Enum : RFLX.ICMP.Code_Destination_Unreachable) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.ICMP.Code_Destination_Unreachable) return RFLX.RFLX_Types.S63 is ((case Enum is when Net_Unreachable => 0, @@ -100,7 +100,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Code_Destination_Unreachable is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Code_Destination_Unreachable is ((case Val is when 0 => Net_Unreachable, @@ -127,10 +127,10 @@ is 8; for Code_Time_Exceeded use (TTL_Exceeded => 0, Fragment_Reassembly_Time_Exceeded => 1); - function Valid_Code_Time_Exceeded (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Code_Time_Exceeded (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1); - function To_U64 (Enum : RFLX.ICMP.Code_Time_Exceeded) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.ICMP.Code_Time_Exceeded) return RFLX.RFLX_Types.S63 is ((case Enum is when TTL_Exceeded => 0, @@ -139,7 +139,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Code_Time_Exceeded is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Code_Time_Exceeded is ((case Val is when 0 => TTL_Exceeded, @@ -158,10 +158,10 @@ is 8; for Code_Redirect use (Redirect_for_Network => 0, Redirect_for_Host => 1, Redirect_for_Service_Network => 2, Redirect_for_Service_Host => 3); - function Valid_Code_Redirect (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Code_Redirect (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2 | 3); - function To_U64 (Enum : RFLX.ICMP.Code_Redirect) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.ICMP.Code_Redirect) return RFLX.RFLX_Types.S63 is ((case Enum is when Redirect_for_Network => 0, @@ -174,7 +174,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Code_Redirect is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Code_Redirect is ((case Val is when 0 => Redirect_for_Network, @@ -196,13 +196,13 @@ is Size => 8; - function Valid_Code_Zero (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Code_Zero (Val : RFLX.RFLX_Types.S63) return Boolean is (Val = 0); - function To_U64 (Val : RFLX.ICMP.Code_Zero) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Code_Zero) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Code_Zero is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Code_Zero is (RFLX.ICMP.Code_Zero (Val)) with Pre => @@ -212,13 +212,13 @@ is Size => 16; - function Valid_Checksum (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Checksum (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.ICMP.Checksum) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Checksum) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Checksum is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Checksum is (RFLX.ICMP.Checksum (Val)) with Pre => @@ -228,13 +228,13 @@ is Size => 16; - function Valid_Identifier (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Identifier (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.ICMP.Identifier) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Identifier) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Identifier is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Identifier is (RFLX.ICMP.Identifier (Val)) with Pre => @@ -244,13 +244,13 @@ is Size => 16; - function Valid_Sequence_Number (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Sequence_Number (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.ICMP.Sequence_Number) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Sequence_Number) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Sequence_Number is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Sequence_Number is (RFLX.ICMP.Sequence_Number (Val)) with Pre => @@ -260,13 +260,13 @@ is Size => 8; - function Valid_Pointer (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Pointer (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.ICMP.Pointer) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Pointer) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Pointer is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Pointer is (RFLX.ICMP.Pointer (Val)) with Pre => @@ -276,13 +276,13 @@ is Size => 32; - function Valid_Timestamp (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Timestamp (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 4294967295); - function To_U64 (Val : RFLX.ICMP.Timestamp) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Timestamp) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Timestamp is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Timestamp is (RFLX.ICMP.Timestamp (Val)) with Pre => @@ -292,13 +292,13 @@ is Size => 32; - function Valid_Gateway_Internet_Address (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Gateway_Internet_Address (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 4294967295); - function To_U64 (Val : RFLX.ICMP.Gateway_Internet_Address) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Gateway_Internet_Address) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Gateway_Internet_Address is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Gateway_Internet_Address is (RFLX.ICMP.Gateway_Internet_Address (Val)) with Pre => @@ -308,13 +308,13 @@ is Size => 32; - function Valid_Unused_32 (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Unused_32 (Val : RFLX.RFLX_Types.S63) return Boolean is (Val = 0); - function To_U64 (Val : RFLX.ICMP.Unused_32) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Unused_32) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Unused_32 is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Unused_32 is (RFLX.ICMP.Unused_32 (Val)) with Pre => @@ -324,13 +324,13 @@ is Size => 24; - function Valid_Unused_24 (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Unused_24 (Val : RFLX.RFLX_Types.S63) return Boolean is (Val = 0); - function To_U64 (Val : RFLX.ICMP.Unused_24) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.ICMP.Unused_24) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.ICMP.Unused_24 is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.ICMP.Unused_24 is (RFLX.ICMP.Unused_24 (Val)) with Pre => diff --git a/tests/spark/generated/rflx-ipv4-option.adb b/tests/spark/generated/rflx-ipv4-option.adb index 5d6e24e49..29e835ad4 100644 --- a/tests/spark/generated/rflx-ipv4-option.adb +++ b/tests/spark/generated/rflx-ipv4-option.adb @@ -88,7 +88,7 @@ is F_Option_Number, when F_Option_Number => (if - RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 1 then F_Final @@ -100,17 +100,17 @@ is F_Initial), when F_Option_Length => (if - (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Ctx.Cursors (F_Option_Number).Value = 4) - or (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Ctx.Cursors (F_Option_Number).Value = 9 or Ctx.Cursors (F_Option_Number).Value = 3 or Ctx.Cursors (F_Option_Number).Value = 7)) or (Ctx.Cursors (F_Option_Length).Value = 11 - and RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 2) or (Ctx.Cursors (F_Option_Length).Value = 4 - and RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 8) then F_Option_Data @@ -199,7 +199,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Option_Data); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -228,7 +228,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -293,7 +293,7 @@ is Process_Option_Data (Ctx.Buffer.all (First .. Last)); end Generic_Get_Option_Data; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -340,17 +340,17 @@ is when F_Option_Length => Get_Option_Length (Ctx) = To_Actual (Val) and (if - (RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + (RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Get_Option_Number (Ctx) = 4) - or (RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Get_Option_Number (Ctx) = 9 or Get_Option_Number (Ctx) = 3 or Get_Option_Number (Ctx) = 7)) or (Get_Option_Length (Ctx) = 11 - and RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Get_Option_Number (Ctx) = 2) or (Get_Option_Length (Ctx) = 4 - and RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Get_Option_Number (Ctx) = 8) then Predecessor (Ctx, F_Option_Data) = F_Option_Length @@ -392,7 +392,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -400,8 +400,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -426,17 +426,17 @@ is when F_Option_Length => Get_Option_Length (Ctx) = To_Actual (Val) and (if - (RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + (RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Get_Option_Number (Ctx) = 4) - or (RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Get_Option_Number (Ctx) = 9 or Get_Option_Number (Ctx) = 3 or Get_Option_Number (Ctx) = 7)) or (Get_Option_Length (Ctx) = 11 - and RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Get_Option_Number (Ctx) = 2) or (Get_Option_Length (Ctx) = 4 - and RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Get_Option_Number (Ctx) = 8) then Predecessor (Ctx, F_Option_Data) = F_Option_Length @@ -458,27 +458,28 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Copied (Ctx : in out Context; Val : Boolean) is begin - Set_Scalar (Ctx, F_Copied, To_U64 (Val)); + Set_Scalar (Ctx, F_Copied, To_S63 (Val)); end Set_Copied; procedure Set_Option_Class (Ctx : in out Context; Val : RFLX.IPv4.Option_Class) is begin - Set_Scalar (Ctx, F_Option_Class, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Class, To_S63 (Val)); end Set_Option_Class; procedure Set_Option_Number (Ctx : in out Context; Val : RFLX.IPv4.Option_Number) is begin - Set_Scalar (Ctx, F_Option_Number, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Number, To_S63 (Val)); end Set_Option_Number; procedure Set_Option_Length (Ctx : in out Context; Val : RFLX.IPv4.Option_Length) is begin - Set_Scalar (Ctx, F_Option_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Option_Length, To_S63 (Val)); end Set_Option_Length; procedure Set_Option_Data_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-ipv4-option.ads b/tests/spark/generated/rflx-ipv4-option.ads index e246b9241..b9fa58b81 100644 --- a/tests/spark/generated/rflx-ipv4-option.ads +++ b/tests/spark/generated/rflx-ipv4-option.ads @@ -11,9 +11,9 @@ package RFLX.IPv4.Option with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -27,15 +27,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -244,7 +244,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -262,7 +262,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -441,8 +441,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Copied) - and then Valid_Boolean (To_U64 (Val)) - and then Field_Condition (Ctx, F_Copied, To_U64 (Val)) + and then Valid_Boolean (To_S63 (Val)) + and then Field_Condition (Ctx, F_Copied, To_S63 (Val)) and then Available_Space (Ctx, F_Copied) >= Field_Size (Ctx, F_Copied), Post => Has_Buffer (Ctx) @@ -467,8 +467,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Class) - and then RFLX.IPv4.Valid_Option_Class (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Class, To_U64 (Val)) + and then RFLX.IPv4.Valid_Option_Class (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Class, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Class) >= Field_Size (Ctx, F_Option_Class), Post => Has_Buffer (Ctx) @@ -495,8 +495,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Number) - and then RFLX.IPv4.Valid_Option_Number (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Number, To_U64 (Val)) + and then RFLX.IPv4.Valid_Option_Number (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Number, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Number) >= Field_Size (Ctx, F_Option_Number), Post => Has_Buffer (Ctx) @@ -527,8 +527,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Option_Length) - and then RFLX.IPv4.Valid_Option_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Option_Length, To_U64 (Val)) + and then RFLX.IPv4.Valid_Option_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Option_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Option_Length) >= Field_Size (Ctx, F_Option_Length), Post => Has_Buffer (Ctx) @@ -536,17 +536,17 @@ is and Get_Option_Length (Ctx) = Val and Invalid (Ctx, F_Option_Data) and (if - (RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + (RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Get_Option_Number (Ctx) = 4) - or (RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Get_Option_Number (Ctx) = 9 or Get_Option_Number (Ctx) = 3 or Get_Option_Number (Ctx) = 7)) or (Get_Option_Length (Ctx) = 11 - and RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Get_Option_Number (Ctx) = 2) or (Get_Option_Length (Ctx) = 4 - and RFLX_Types.U64 (To_U64 (Get_Option_Class (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (To_S63 (Get_Option_Class (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Get_Option_Number (Ctx) = 8) then Predecessor (Ctx, F_Option_Data) = F_Option_Length @@ -699,7 +699,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -768,17 +768,17 @@ private then (Valid (Cursors (F_Option_Length)) and then Cursors (F_Option_Data).Predecessor = F_Option_Length - and then ((RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + and then ((RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Cursors (F_Option_Number).Value = 4) - or (RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Cursors (F_Option_Number).Value = 9 or Cursors (F_Option_Number).Value = 3 or Cursors (F_Option_Number).Value = 7)) or (Cursors (F_Option_Length).Value = 11 - and RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Cursors (F_Option_Number).Value = 2) or (Cursors (F_Option_Length).Value = 4 - and RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Cursors (F_Option_Number).Value = 8))))) and then ((if Invalid (Cursors (F_Copied)) then Invalid (Cursors (F_Option_Class))) and then (if Invalid (Cursors (F_Option_Class)) then Invalid (Cursors (F_Option_Number))) @@ -811,17 +811,17 @@ private and then Cursors (F_Option_Length).First = Cursors (F_Option_Number).Last + 1 and then (if Structural_Valid (Cursors (F_Option_Data)) - and then ((RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + and then ((RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Cursors (F_Option_Number).Value = 4) - or (RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Cursors (F_Option_Number).Value = 9 or Cursors (F_Option_Number).Value = 3 or Cursors (F_Option_Number).Value = 7)) or (Cursors (F_Option_Length).Value = 11 - and RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Cursors (F_Option_Number).Value = 2) or (Cursors (F_Option_Length).Value = 4 - and RFLX_Types.U64 (Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Cursors (F_Option_Number).Value = 8)) then Cursors (F_Option_Data).Last - Cursors (F_Option_Data).First + 1 = (RFLX_Types.Bit_Length (Cursors (F_Option_Length).Value) - 2) * 8 @@ -862,7 +862,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Copied => Valid_Boolean (Val), @@ -882,39 +882,39 @@ private when F_Option_Number => Ctx.Cursors (F_Option_Number).Value > 1, when F_Option_Length => - (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Ctx.Cursors (F_Option_Number).Value = 4) - or (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Ctx.Cursors (F_Option_Number).Value = 9 or Ctx.Cursors (F_Option_Number).Value = 3 or Ctx.Cursors (F_Option_Number).Value = 7)) or (Ctx.Cursors (F_Option_Length).Value = 11 - and RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 2) or (Ctx.Cursors (F_Option_Length).Value = 4 - and RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 8))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Copied | F_Option_Class => True, when F_Option_Number => - (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Val = 1) or Val > 1, when F_Option_Length => - (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Debugging_And_Measurement)) + (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Debugging_And_Measurement)) and Ctx.Cursors (F_Option_Number).Value = 4) - or (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + or (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and (Ctx.Cursors (F_Option_Number).Value = 9 or Ctx.Cursors (F_Option_Number).Value = 3 or Ctx.Cursors (F_Option_Number).Value = 7)) or (Val = 11 - and RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 2) or (Val = 4 - and RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 8), when F_Option_Data => True)); @@ -998,13 +998,13 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is (Structural_Valid (Ctx, F_Option_Data) or (Valid (Ctx, F_Option_Number) - and then (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and then (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 1))); function Valid_Message (Ctx : Context) return Boolean is (Valid (Ctx, F_Option_Data) or (Valid (Ctx, F_Option_Number) - and then (RFLX_Types.U64 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.U64 (To_U64 (RFLX.IPv4.Control)) + and then (RFLX_Types.S63 (Ctx.Cursors (F_Option_Class).Value) = RFLX_Types.S63 (To_S63 (RFLX.IPv4.Control)) and Ctx.Cursors (F_Option_Number).Value = 1))); function Incomplete_Message (Ctx : Context) return Boolean is diff --git a/tests/spark/generated/rflx-ipv4-packet.adb b/tests/spark/generated/rflx-ipv4-packet.adb index b8c3ce27a..fd238c15e 100644 --- a/tests/spark/generated/rflx-ipv4-packet.adb +++ b/tests/spark/generated/rflx-ipv4-packet.adb @@ -92,7 +92,7 @@ is F_Total_Length, when F_Total_Length => (if - RFLX_Types.U64 (Ctx.Cursors (F_Total_Length).Value) >= RFLX_Types.U64 (Ctx.Cursors (F_IHL).Value) * 4 + RFLX_Types.S63 (Ctx.Cursors (F_Total_Length).Value) >= RFLX_Types.S63 (Ctx.Cursors (F_IHL).Value) * 4 then F_Identification else @@ -101,7 +101,7 @@ is F_Flag_R, when F_Flag_R => (if - RFLX_Types.U64 (Ctx.Cursors (F_Flag_R).Value) = RFLX_Types.U64 (To_U64 (False)) + RFLX_Types.S63 (Ctx.Cursors (F_Flag_R).Value) = RFLX_Types.S63 (To_S63 (False)) then F_Flag_DF else @@ -231,7 +231,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Options | F_Payload); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -270,7 +270,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -331,7 +331,7 @@ is Process_Payload (Ctx.Buffer.all (First .. Last)); end Generic_Get_Payload; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -377,7 +377,7 @@ is when F_Total_Length => Get_Total_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (Get_Total_Length (Ctx)) >= RFLX_Types.U64 (Get_IHL (Ctx)) * 4 + RFLX_Types.S63 (Get_Total_Length (Ctx)) >= RFLX_Types.S63 (Get_IHL (Ctx)) * 4 then Predecessor (Ctx, F_Identification) = F_Total_Length and Valid_Next (Ctx, F_Identification)), @@ -388,7 +388,7 @@ is when F_Flag_R => Get_Flag_R (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Flag_R (Ctx))) = RFLX_Types.U64 (To_U64 (False)) + RFLX_Types.S63 (To_S63 (Get_Flag_R (Ctx))) = RFLX_Types.S63 (To_S63 (False)) then Predecessor (Ctx, F_Flag_DF) = F_Flag_R and Valid_Next (Ctx, F_Flag_DF)), @@ -476,7 +476,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -484,8 +484,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -509,7 +509,7 @@ is when F_Total_Length => Get_Total_Length (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (Get_Total_Length (Ctx)) >= RFLX_Types.U64 (Get_IHL (Ctx)) * 4 + RFLX_Types.S63 (Get_Total_Length (Ctx)) >= RFLX_Types.S63 (Get_IHL (Ctx)) * 4 then Predecessor (Ctx, F_Identification) = F_Total_Length and Valid_Next (Ctx, F_Identification)), @@ -520,7 +520,7 @@ is when F_Flag_R => Get_Flag_R (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Flag_R (Ctx))) = RFLX_Types.U64 (To_U64 (False)) + RFLX_Types.S63 (To_S63 (Get_Flag_R (Ctx))) = RFLX_Types.S63 (To_S63 (False)) then Predecessor (Ctx, F_Flag_DF) = F_Flag_R and Valid_Next (Ctx, F_Flag_DF)), @@ -576,82 +576,83 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Version (Ctx : in out Context; Val : RFLX.IPv4.Version) is begin - Set_Scalar (Ctx, F_Version, To_U64 (Val)); + Set_Scalar (Ctx, F_Version, To_S63 (Val)); end Set_Version; procedure Set_IHL (Ctx : in out Context; Val : RFLX.IPv4.IHL) is begin - Set_Scalar (Ctx, F_IHL, To_U64 (Val)); + Set_Scalar (Ctx, F_IHL, To_S63 (Val)); end Set_IHL; procedure Set_DSCP (Ctx : in out Context; Val : RFLX.IPv4.DCSP) is begin - Set_Scalar (Ctx, F_DSCP, To_U64 (Val)); + Set_Scalar (Ctx, F_DSCP, To_S63 (Val)); end Set_DSCP; procedure Set_ECN (Ctx : in out Context; Val : RFLX.IPv4.ECN) is begin - Set_Scalar (Ctx, F_ECN, To_U64 (Val)); + Set_Scalar (Ctx, F_ECN, To_S63 (Val)); end Set_ECN; procedure Set_Total_Length (Ctx : in out Context; Val : RFLX.IPv4.Total_Length) is begin - Set_Scalar (Ctx, F_Total_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Total_Length, To_S63 (Val)); end Set_Total_Length; procedure Set_Identification (Ctx : in out Context; Val : RFLX.IPv4.Identification) is begin - Set_Scalar (Ctx, F_Identification, To_U64 (Val)); + Set_Scalar (Ctx, F_Identification, To_S63 (Val)); end Set_Identification; procedure Set_Flag_R (Ctx : in out Context; Val : Boolean) is begin - Set_Scalar (Ctx, F_Flag_R, To_U64 (Val)); + Set_Scalar (Ctx, F_Flag_R, To_S63 (Val)); end Set_Flag_R; procedure Set_Flag_DF (Ctx : in out Context; Val : Boolean) is begin - Set_Scalar (Ctx, F_Flag_DF, To_U64 (Val)); + Set_Scalar (Ctx, F_Flag_DF, To_S63 (Val)); end Set_Flag_DF; procedure Set_Flag_MF (Ctx : in out Context; Val : Boolean) is begin - Set_Scalar (Ctx, F_Flag_MF, To_U64 (Val)); + Set_Scalar (Ctx, F_Flag_MF, To_S63 (Val)); end Set_Flag_MF; procedure Set_Fragment_Offset (Ctx : in out Context; Val : RFLX.IPv4.Fragment_Offset) is begin - Set_Scalar (Ctx, F_Fragment_Offset, To_U64 (Val)); + Set_Scalar (Ctx, F_Fragment_Offset, To_S63 (Val)); end Set_Fragment_Offset; procedure Set_TTL (Ctx : in out Context; Val : RFLX.IPv4.TTL) is begin - Set_Scalar (Ctx, F_TTL, To_U64 (Val)); + Set_Scalar (Ctx, F_TTL, To_S63 (Val)); end Set_TTL; procedure Set_Protocol (Ctx : in out Context; Val : RFLX.IPv4.Protocol_Enum) is begin - Set_Scalar (Ctx, F_Protocol, To_U64 (Val)); + Set_Scalar (Ctx, F_Protocol, To_S63 (Val)); end Set_Protocol; procedure Set_Header_Checksum (Ctx : in out Context; Val : RFLX.IPv4.Header_Checksum) is begin - Set_Scalar (Ctx, F_Header_Checksum, To_U64 (Val)); + Set_Scalar (Ctx, F_Header_Checksum, To_S63 (Val)); end Set_Header_Checksum; procedure Set_Source (Ctx : in out Context; Val : RFLX.IPv4.Address) is begin - Set_Scalar (Ctx, F_Source, To_U64 (Val)); + Set_Scalar (Ctx, F_Source, To_S63 (Val)); end Set_Source; procedure Set_Destination (Ctx : in out Context; Val : RFLX.IPv4.Address) is begin - Set_Scalar (Ctx, F_Destination, To_U64 (Val)); + Set_Scalar (Ctx, F_Destination, To_S63 (Val)); end Set_Destination; procedure Set_Options_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-ipv4-packet.ads b/tests/spark/generated/rflx-ipv4-packet.ads index b2ec8654f..ea4cd2aff 100644 --- a/tests/spark/generated/rflx-ipv4-packet.ads +++ b/tests/spark/generated/rflx-ipv4-packet.ads @@ -12,9 +12,9 @@ package RFLX.IPv4.Packet with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -28,15 +28,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -245,7 +245,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -263,7 +263,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -486,8 +486,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Version) - and then RFLX.IPv4.Valid_Version (To_U64 (Val)) - and then Field_Condition (Ctx, F_Version, To_U64 (Val)) + and then RFLX.IPv4.Valid_Version (To_S63 (Val)) + and then Field_Condition (Ctx, F_Version, To_S63 (Val)) and then Available_Space (Ctx, F_Version) >= Field_Size (Ctx, F_Version), Post => Has_Buffer (Ctx) @@ -523,8 +523,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_IHL) - and then RFLX.IPv4.Valid_IHL (To_U64 (Val)) - and then Field_Condition (Ctx, F_IHL, To_U64 (Val)) + and then RFLX.IPv4.Valid_IHL (To_S63 (Val)) + and then Field_Condition (Ctx, F_IHL, To_S63 (Val)) and then Available_Space (Ctx, F_IHL) >= Field_Size (Ctx, F_IHL), Post => Has_Buffer (Ctx) @@ -562,8 +562,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_DSCP) - and then RFLX.IPv4.Valid_DCSP (To_U64 (Val)) - and then Field_Condition (Ctx, F_DSCP, To_U64 (Val)) + and then RFLX.IPv4.Valid_DCSP (To_S63 (Val)) + and then Field_Condition (Ctx, F_DSCP, To_S63 (Val)) and then Available_Space (Ctx, F_DSCP) >= Field_Size (Ctx, F_DSCP), Post => Has_Buffer (Ctx) @@ -601,8 +601,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_ECN) - and then RFLX.IPv4.Valid_ECN (To_U64 (Val)) - and then Field_Condition (Ctx, F_ECN, To_U64 (Val)) + and then RFLX.IPv4.Valid_ECN (To_S63 (Val)) + and then Field_Condition (Ctx, F_ECN, To_S63 (Val)) and then Available_Space (Ctx, F_ECN) >= Field_Size (Ctx, F_ECN), Post => Has_Buffer (Ctx) @@ -640,8 +640,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Total_Length) - and then RFLX.IPv4.Valid_Total_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Total_Length, To_U64 (Val)) + and then RFLX.IPv4.Valid_Total_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Total_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Total_Length) >= Field_Size (Ctx, F_Total_Length), Post => Has_Buffer (Ctx) @@ -660,7 +660,7 @@ is and Invalid (Ctx, F_Options) and Invalid (Ctx, F_Payload) and (if - RFLX_Types.U64 (Get_Total_Length (Ctx)) >= RFLX_Types.U64 (Get_IHL (Ctx)) * 4 + RFLX_Types.S63 (Get_Total_Length (Ctx)) >= RFLX_Types.S63 (Get_IHL (Ctx)) * 4 then Predecessor (Ctx, F_Identification) = F_Total_Length and Valid_Next (Ctx, F_Identification)) @@ -682,8 +682,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Identification) - and then RFLX.IPv4.Valid_Identification (To_U64 (Val)) - and then Field_Condition (Ctx, F_Identification, To_U64 (Val)) + and then RFLX.IPv4.Valid_Identification (To_S63 (Val)) + and then Field_Condition (Ctx, F_Identification, To_S63 (Val)) and then Available_Space (Ctx, F_Identification) >= Field_Size (Ctx, F_Identification), Post => Has_Buffer (Ctx) @@ -721,8 +721,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Flag_R) - and then Valid_Boolean (To_U64 (Val)) - and then Field_Condition (Ctx, F_Flag_R, To_U64 (Val)) + and then Valid_Boolean (To_S63 (Val)) + and then Field_Condition (Ctx, F_Flag_R, To_S63 (Val)) and then Available_Space (Ctx, F_Flag_R) >= Field_Size (Ctx, F_Flag_R), Post => Has_Buffer (Ctx) @@ -739,7 +739,7 @@ is and Invalid (Ctx, F_Options) and Invalid (Ctx, F_Payload) and (if - RFLX_Types.U64 (To_U64 (Get_Flag_R (Ctx))) = RFLX_Types.U64 (To_U64 (False)) + RFLX_Types.S63 (To_S63 (Get_Flag_R (Ctx))) = RFLX_Types.S63 (To_S63 (False)) then Predecessor (Ctx, F_Flag_DF) = F_Flag_R and Valid_Next (Ctx, F_Flag_DF)) @@ -763,8 +763,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Flag_DF) - and then Valid_Boolean (To_U64 (Val)) - and then Field_Condition (Ctx, F_Flag_DF, To_U64 (Val)) + and then Valid_Boolean (To_S63 (Val)) + and then Field_Condition (Ctx, F_Flag_DF, To_S63 (Val)) and then Available_Space (Ctx, F_Flag_DF) >= Field_Size (Ctx, F_Flag_DF), Post => Has_Buffer (Ctx) @@ -802,8 +802,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Flag_MF) - and then Valid_Boolean (To_U64 (Val)) - and then Field_Condition (Ctx, F_Flag_MF, To_U64 (Val)) + and then Valid_Boolean (To_S63 (Val)) + and then Field_Condition (Ctx, F_Flag_MF, To_S63 (Val)) and then Available_Space (Ctx, F_Flag_MF) >= Field_Size (Ctx, F_Flag_MF), Post => Has_Buffer (Ctx) @@ -841,8 +841,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Fragment_Offset) - and then RFLX.IPv4.Valid_Fragment_Offset (To_U64 (Val)) - and then Field_Condition (Ctx, F_Fragment_Offset, To_U64 (Val)) + and then RFLX.IPv4.Valid_Fragment_Offset (To_S63 (Val)) + and then Field_Condition (Ctx, F_Fragment_Offset, To_S63 (Val)) and then Available_Space (Ctx, F_Fragment_Offset) >= Field_Size (Ctx, F_Fragment_Offset), Post => Has_Buffer (Ctx) @@ -880,8 +880,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_TTL) - and then RFLX.IPv4.Valid_TTL (To_U64 (Val)) - and then Field_Condition (Ctx, F_TTL, To_U64 (Val)) + and then RFLX.IPv4.Valid_TTL (To_S63 (Val)) + and then Field_Condition (Ctx, F_TTL, To_S63 (Val)) and then Available_Space (Ctx, F_TTL) >= Field_Size (Ctx, F_TTL), Post => Has_Buffer (Ctx) @@ -919,8 +919,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Protocol) - and then RFLX.IPv4.Valid_Protocol (To_U64 (Val)) - and then Field_Condition (Ctx, F_Protocol, To_U64 (Val)) + and then RFLX.IPv4.Valid_Protocol (To_S63 (Val)) + and then Field_Condition (Ctx, F_Protocol, To_S63 (Val)) and then Available_Space (Ctx, F_Protocol) >= Field_Size (Ctx, F_Protocol), Post => Has_Buffer (Ctx) @@ -958,8 +958,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Header_Checksum) - and then RFLX.IPv4.Valid_Header_Checksum (To_U64 (Val)) - and then Field_Condition (Ctx, F_Header_Checksum, To_U64 (Val)) + and then RFLX.IPv4.Valid_Header_Checksum (To_S63 (Val)) + and then Field_Condition (Ctx, F_Header_Checksum, To_S63 (Val)) and then Available_Space (Ctx, F_Header_Checksum) >= Field_Size (Ctx, F_Header_Checksum), Post => Has_Buffer (Ctx) @@ -997,8 +997,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Source) - and then RFLX.IPv4.Valid_Address (To_U64 (Val)) - and then Field_Condition (Ctx, F_Source, To_U64 (Val)) + and then RFLX.IPv4.Valid_Address (To_S63 (Val)) + and then Field_Condition (Ctx, F_Source, To_S63 (Val)) and then Available_Space (Ctx, F_Source) >= Field_Size (Ctx, F_Source), Post => Has_Buffer (Ctx) @@ -1036,8 +1036,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Destination) - and then RFLX.IPv4.Valid_Address (To_U64 (Val)) - and then Field_Condition (Ctx, F_Destination, To_U64 (Val)) + and then RFLX.IPv4.Valid_Address (To_S63 (Val)) + and then Field_Condition (Ctx, F_Destination, To_S63 (Val)) and then Available_Space (Ctx, F_Destination) >= Field_Size (Ctx, F_Destination), Post => Has_Buffer (Ctx) @@ -1443,7 +1443,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1516,7 +1516,7 @@ private then (Valid (Cursors (F_Total_Length)) and then Cursors (F_Identification).Predecessor = F_Total_Length - and then RFLX_Types.U64 (Cursors (F_Total_Length).Value) >= RFLX_Types.U64 (Cursors (F_IHL).Value) * 4)) + and then RFLX_Types.S63 (Cursors (F_Total_Length).Value) >= RFLX_Types.S63 (Cursors (F_IHL).Value) * 4)) and then (if Structural_Valid (Cursors (F_Flag_R)) then @@ -1527,7 +1527,7 @@ private then (Valid (Cursors (F_Flag_R)) and then Cursors (F_Flag_DF).Predecessor = F_Flag_R - and then RFLX_Types.U64 (Cursors (F_Flag_R).Value) = RFLX_Types.U64 (To_U64 (False)))) + and then RFLX_Types.S63 (Cursors (F_Flag_R).Value) = RFLX_Types.S63 (To_S63 (False)))) and then (if Structural_Valid (Cursors (F_Flag_MF)) then @@ -1621,7 +1621,7 @@ private and then Cursors (F_Total_Length).First = Cursors (F_ECN).Last + 1 and then (if Structural_Valid (Cursors (F_Identification)) - and then RFLX_Types.U64 (Cursors (F_Total_Length).Value) >= RFLX_Types.U64 (Cursors (F_IHL).Value) * 4 + and then RFLX_Types.S63 (Cursors (F_Total_Length).Value) >= RFLX_Types.S63 (Cursors (F_IHL).Value) * 4 then Cursors (F_Identification).Last - Cursors (F_Identification).First + 1 = 16 and then Cursors (F_Identification).Predecessor = F_Total_Length @@ -1634,7 +1634,7 @@ private and then Cursors (F_Flag_R).First = Cursors (F_Identification).Last + 1 and then (if Structural_Valid (Cursors (F_Flag_DF)) - and then RFLX_Types.U64 (Cursors (F_Flag_R).Value) = RFLX_Types.U64 (To_U64 (False)) + and then RFLX_Types.S63 (Cursors (F_Flag_R).Value) = RFLX_Types.S63 (To_S63 (False)) then Cursors (F_Flag_DF).Last - Cursors (F_Flag_DF).First + 1 = 1 and then Cursors (F_Flag_DF).Predecessor = F_Flag_R @@ -1728,7 +1728,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Version => RFLX.IPv4.Valid_Version (Val), @@ -1762,20 +1762,20 @@ private when F_Initial | F_Version | F_IHL | F_DSCP | F_ECN | F_Identification | F_Flag_DF | F_Flag_MF | F_Fragment_Offset | F_TTL | F_Protocol | F_Header_Checksum | F_Source | F_Destination | F_Options | F_Payload | F_Final => True, when F_Total_Length => - RFLX_Types.U64 (Ctx.Cursors (F_Total_Length).Value) >= RFLX_Types.U64 (Ctx.Cursors (F_IHL).Value) * 4, + RFLX_Types.S63 (Ctx.Cursors (F_Total_Length).Value) >= RFLX_Types.S63 (Ctx.Cursors (F_IHL).Value) * 4, when F_Flag_R => - RFLX_Types.U64 (Ctx.Cursors (F_Flag_R).Value) = RFLX_Types.U64 (To_U64 (False)))); + RFLX_Types.S63 (Ctx.Cursors (F_Flag_R).Value) = RFLX_Types.S63 (To_S63 (False)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Version | F_IHL | F_DSCP | F_ECN => True, when F_Total_Length => - Val >= RFLX_Types.U64 (Ctx.Cursors (F_IHL).Value) * 4, + Val >= RFLX_Types.S63 (Ctx.Cursors (F_IHL).Value) * 4, when F_Identification => True, when F_Flag_R => - Val = RFLX_Types.U64 (To_U64 (False)), + Val = RFLX_Types.S63 (To_S63 (False)), when F_Flag_DF | F_Flag_MF | F_Fragment_Offset | F_TTL | F_Protocol | F_Header_Checksum | F_Source | F_Destination | F_Options | F_Payload => True)); diff --git a/tests/spark/generated/rflx-ipv4.ads b/tests/spark/generated/rflx-ipv4.ads index 0d2ce5f98..aafd7a9f2 100644 --- a/tests/spark/generated/rflx-ipv4.ads +++ b/tests/spark/generated/rflx-ipv4.ads @@ -10,15 +10,15 @@ is Size => 4; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Version (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Version (Val : RFLX.RFLX_Types.S63) return Boolean is (Val = 4); - function To_U64 (Val : RFLX.IPv4.Version) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Version) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Version is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Version is (RFLX.IPv4.Version (Val)) with Pre => @@ -28,14 +28,14 @@ is Size => 4; - function Valid_IHL (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_IHL (Val : RFLX.RFLX_Types.S63) return Boolean is (Val >= 5 and Val <= 15); - function To_U64 (Val : RFLX.IPv4.IHL) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.IHL) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.IHL is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.IHL is (RFLX.IPv4.IHL (Val)) with Pre => @@ -45,13 +45,13 @@ is Size => 6; - function Valid_DCSP (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_DCSP (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 63); - function To_U64 (Val : RFLX.IPv4.DCSP) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.DCSP) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.DCSP is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.DCSP is (RFLX.IPv4.DCSP (Val)) with Pre => @@ -61,13 +61,13 @@ is Size => 2; - function Valid_ECN (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_ECN (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 3); - function To_U64 (Val : RFLX.IPv4.ECN) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.ECN) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.ECN is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.ECN is (RFLX.IPv4.ECN (Val)) with Pre => @@ -77,13 +77,13 @@ is Size => 16; - function Valid_Total_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Total_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.IPv4.Total_Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Total_Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Total_Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Total_Length is (RFLX.IPv4.Total_Length (Val)) with Pre => @@ -93,13 +93,13 @@ is Size => 16; - function Valid_Identification (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Identification (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.IPv4.Identification) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Identification) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Identification is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Identification is (RFLX.IPv4.Identification (Val)) with Pre => @@ -109,13 +109,13 @@ is Size => 13; - function Valid_Fragment_Offset (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Fragment_Offset (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 8191); - function To_U64 (Val : RFLX.IPv4.Fragment_Offset) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Fragment_Offset) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Fragment_Offset is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Fragment_Offset is (RFLX.IPv4.Fragment_Offset (Val)) with Pre => @@ -125,13 +125,13 @@ is Size => 8; - function Valid_TTL (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_TTL (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.IPv4.TTL) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.TTL) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.TTL is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.TTL is (RFLX.IPv4.TTL (Val)) with Pre => @@ -148,17 +148,17 @@ is when True => Enum : Protocol_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_Protocol (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Protocol (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Protocol (Val : Protocol) return Boolean is ((if Val.Known then True else Valid_Protocol (Val.Raw) and Val.Raw not in 1 | 17)); - function To_U64 (Enum : RFLX.IPv4.Protocol_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.IPv4.Protocol_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when P_ICMP => 1, @@ -168,7 +168,7 @@ is function To_Actual (Enum : Protocol_Enum) return RFLX.IPv4.Protocol is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Protocol is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Protocol is ((case Val is when 1 => (True, P_ICMP), @@ -180,20 +180,20 @@ is Pre => Valid_Protocol (Val); - function To_U64 (Val : RFLX.IPv4.Protocol) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.IPv4.Protocol) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); type Header_Checksum is mod 2**16 with Size => 16; - function Valid_Header_Checksum (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Header_Checksum (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.IPv4.Header_Checksum) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Header_Checksum) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Header_Checksum is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Header_Checksum is (RFLX.IPv4.Header_Checksum (Val)) with Pre => @@ -203,13 +203,13 @@ is Size => 32; - function Valid_Address (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Address (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 4294967295); - function To_U64 (Val : RFLX.IPv4.Address) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Address) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Address is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Address is (RFLX.IPv4.Address (Val)) with Pre => @@ -220,10 +220,10 @@ is 2; for Option_Class use (Control => 0, Debugging_And_Measurement => 2); - function Valid_Option_Class (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Class (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 2); - function To_U64 (Enum : RFLX.IPv4.Option_Class) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.IPv4.Option_Class) return RFLX.RFLX_Types.S63 is ((case Enum is when Control => 0, @@ -232,7 +232,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Option_Class is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Option_Class is ((case Val is when 0 => Control, @@ -250,13 +250,13 @@ is Size => 5; - function Valid_Option_Number (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Number (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 31); - function To_U64 (Val : RFLX.IPv4.Option_Number) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Option_Number) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Option_Number is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Option_Number is (RFLX.IPv4.Option_Number (Val)) with Pre => @@ -266,14 +266,14 @@ is Size => 8; - function Valid_Option_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val >= 2 and Val <= 255); - function To_U64 (Val : RFLX.IPv4.Option_Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.IPv4.Option_Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.IPv4.Option_Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.IPv4.Option_Length is (RFLX.IPv4.Option_Length (Val)) with Pre => diff --git a/tests/spark/generated/rflx-rflx_arithmetic.ads b/tests/spark/generated/rflx-rflx_arithmetic.ads index 5b6279a87..f38299a22 100644 --- a/tests/spark/generated/rflx-rflx_arithmetic.ads +++ b/tests/spark/generated/rflx-rflx_arithmetic.ads @@ -7,6 +7,8 @@ is type U64 is mod 2**64 with Annotate => (GNATprove, No_Wrap_Around); + type S63 is range 0 .. 2 ** 63 - 1; + -- Express that V contains at most Bits non-zero bits, in the least -- significant part (the rest is zero). pragma Warnings (Off, "postcondition does not mention function result"); diff --git a/tests/spark/generated/rflx-rflx_builtin_types-conversions.ads b/tests/spark/generated/rflx-rflx_builtin_types-conversions.ads index ff3cc8ddc..dc0478635 100644 --- a/tests/spark/generated/rflx-rflx_builtin_types-conversions.ads +++ b/tests/spark/generated/rflx-rflx_builtin_types-conversions.ads @@ -34,4 +34,30 @@ is Pre => Valid_Boolean (Val); + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_S63 (Enum : Boolean) return RFLX.RFLX_Arithmetic.S63 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.S63) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/tests/spark/generated/rflx-rflx_generic_types.adb b/tests/spark/generated/rflx-rflx_generic_types.adb index 2cb298219..906574616 100644 --- a/tests/spark/generated/rflx-rflx_generic_types.adb +++ b/tests/spark/generated/rflx-rflx_generic_types.adb @@ -357,6 +357,18 @@ is end if; end Extract; + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + is + begin + return S63 (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + procedure Insert (Val : U64; Buffer : Bytes_Ptr; @@ -370,4 +382,22 @@ is U64_Insert (Val, Buffer, First, Last, Off, Size, BO); end Insert; + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Lemma_Size (Val : S63; Size : Positive) is + begin + null; + end Lemma_Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/spark/generated/rflx-rflx_generic_types.ads b/tests/spark/generated/rflx-rflx_generic_types.ads index b5bdea39f..d2e63e118 100644 --- a/tests/spark/generated/rflx-rflx_generic_types.ads +++ b/tests/spark/generated/rflx-rflx_generic_types.ads @@ -47,6 +47,10 @@ is use type U64; + subtype S63 is RFLX.RFLX_Arithmetic.S63; + + use type S63; + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; function To_Index (Bit_Idx : Bit_Length) return Index is @@ -88,7 +92,30 @@ is and then Last - First <= Index'Last - 1 and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1); + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return S63 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); procedure Insert (Val : U64; @@ -111,6 +138,27 @@ is Post => (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Insert + (Val : S63; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then U64 (Val) < 2**Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); function Unreachable return Boolean is (False) with Pre => False; @@ -119,4 +167,9 @@ is function Unreachable return Length is (0) with Pre => False; + procedure Lemma_Size (Val : S63; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then (if Size < S63'Size then Val < 2 ** Size), + Post => U64 (Val) < 2 ** Size; + end RFLX.RFLX_Generic_Types; diff --git a/tests/spark/generated/rflx-rflx_scalar_sequence.adb b/tests/spark/generated/rflx-rflx_scalar_sequence.adb index 5a6f2c838..c919196f4 100644 --- a/tests/spark/generated/rflx-rflx_scalar_sequence.adb +++ b/tests/spark/generated/rflx-rflx_scalar_sequence.adb @@ -14,7 +14,7 @@ is Buffer_First : constant RFLX_Types.Index := Buffer'First; Buffer_Last : constant RFLX_Types.Index := Buffer'Last; begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.U64'First, Next_Element => RFLX.RFLX_Types.U64'First); + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.S63'First, Next_Element => RFLX.RFLX_Types.S63'First); Buffer := null; end Initialize; @@ -75,10 +75,10 @@ is Last := RFLX_Types.To_Index (Last_Bit); Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - Insert (To_U64 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + Insert (To_S63 (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); end if; if Size (Ctx) = 0 then - Ctx.First_Element := To_U64 (Value); + Ctx.First_Element := To_S63 (Value); end if; Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); end Append_Element; diff --git a/tests/spark/generated/rflx-rflx_scalar_sequence.ads b/tests/spark/generated/rflx-rflx_scalar_sequence.ads index 2d3787ede..62691a5bd 100644 --- a/tests/spark/generated/rflx-rflx_scalar_sequence.ads +++ b/tests/spark/generated/rflx-rflx_scalar_sequence.ads @@ -4,9 +4,9 @@ with RFLX.RFLX_Types; generic type Element_Type is private; Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.U64) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.U64) return Element_Type; - with function To_U64 (Element : Element_Type) return RFLX.RFLX_Types.U64; + with function Valid (Element : RFLX.RFLX_Types.S63) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.S63) return Element_Type; + with function To_S63 (Element : Element_Type) return RFLX.RFLX_Types.S63; package RFLX.RFLX_Scalar_Sequence with SPARK_Mode is @@ -25,7 +25,7 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with Default_Initial_Condition => @@ -146,8 +146,8 @@ is Pre => (Has_Buffer (Ctx) and then Valid (Ctx) - and then Valid (To_U64 (Value)) - and then (if Element_Size < 64 then To_U64 (Value) < 2**Element_Size) + and then Valid (To_S63 (Value)) + and then (if Element_Size < 64 then To_S63 (Value) < 2**Element_Size) and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), Post => (Has_Buffer (Ctx) @@ -185,8 +185,8 @@ private Sequence_Last : RFLX_Types.Bit_Length := First - 1; Buffer : RFLX_Types.Bytes_Ptr := null; State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; - Next_Element : RFLX.RFLX_Types.U64 := RFLX.RFLX_Types.U64'First; + First_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; + Next_Element : RFLX.RFLX_Types.S63 := RFLX.RFLX_Types.S63'First; end record with Dynamic_Predicate => ((if Buffer /= null then diff --git a/tests/spark/generated/rflx-sequence-av_enumeration_vector.ads b/tests/spark/generated/rflx-sequence-av_enumeration_vector.ads index 7dfc456f6..8c249a218 100644 --- a/tests/spark/generated/rflx-sequence-av_enumeration_vector.ads +++ b/tests/spark/generated/rflx-sequence-av_enumeration_vector.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Sequence.AV_Enumeration_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.AV_Enumeration, 8, RFLX.Sequence.Valid_AV_Enumeration, RFLX.Sequence.To_Actual, RFLX.Sequence.To_U64); +package RFLX.Sequence.AV_Enumeration_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.AV_Enumeration, 8, RFLX.Sequence.Valid_AV_Enumeration, RFLX.Sequence.To_Actual, RFLX.Sequence.To_S63); diff --git a/tests/spark/generated/rflx-sequence-enumeration_vector.ads b/tests/spark/generated/rflx-sequence-enumeration_vector.ads index a6ea4e0fb..7a11a7479 100644 --- a/tests/spark/generated/rflx-sequence-enumeration_vector.ads +++ b/tests/spark/generated/rflx-sequence-enumeration_vector.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Sequence.Enumeration_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.Enumeration, 8, RFLX.Sequence.Valid_Enumeration, RFLX.Sequence.To_Actual, RFLX.Sequence.To_U64); +package RFLX.Sequence.Enumeration_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.Enumeration, 8, RFLX.Sequence.Valid_Enumeration, RFLX.Sequence.To_Actual, RFLX.Sequence.To_S63); diff --git a/tests/spark/generated/rflx-sequence-inner_message.adb b/tests/spark/generated/rflx-sequence-inner_message.adb index ea9a75d34..a31d71bf5 100644 --- a/tests/spark/generated/rflx-sequence-inner_message.adb +++ b/tests/spark/generated/rflx-sequence-inner_message.adb @@ -161,7 +161,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Payload); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -184,7 +184,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -245,7 +245,7 @@ is Process_Payload (Ctx.Buffer.all (First .. Last)); end Generic_Get_Payload; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -308,7 +308,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -316,8 +316,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -344,12 +344,13 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Length (Ctx : in out Context; Val : RFLX.Sequence.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Payload_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-sequence-inner_message.ads b/tests/spark/generated/rflx-sequence-inner_message.ads index 40ca8a5c1..6ed36c4bf 100644 --- a/tests/spark/generated/rflx-sequence-inner_message.ads +++ b/tests/spark/generated/rflx-sequence-inner_message.ads @@ -8,9 +8,9 @@ package RFLX.Sequence.Inner_Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -425,7 +425,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Sequence.Valid_Length (To_U64 (Val)) + and then RFLX.Sequence.Valid_Length (To_S63 (Val)) and then Field_Condition (Ctx, F_Length) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => @@ -593,7 +593,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -694,7 +694,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Length => RFLX.Sequence.Valid_Length (Val), diff --git a/tests/spark/generated/rflx-sequence-message.adb b/tests/spark/generated/rflx-sequence-message.adb index 91206b336..62dd34d28 100644 --- a/tests/spark/generated/rflx-sequence-message.adb +++ b/tests/spark/generated/rflx-sequence-message.adb @@ -173,7 +173,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Modular_Vector | F_Range_Vector | F_Enumeration_Vector | F_AV_Enumeration_Vector); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -196,7 +196,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -235,7 +235,7 @@ is end loop; end Verify_Message; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -309,7 +309,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -317,8 +317,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -354,12 +354,13 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Length (Ctx : in out Context; Val : RFLX.Sequence.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Modular_Vector_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-sequence-message.ads b/tests/spark/generated/rflx-sequence-message.ads index e79ca0004..2fd85e2e9 100644 --- a/tests/spark/generated/rflx-sequence-message.ads +++ b/tests/spark/generated/rflx-sequence-message.ads @@ -12,9 +12,9 @@ package RFLX.Sequence.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -28,15 +28,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -245,7 +245,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -404,7 +404,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Sequence.Valid_Length (To_U64 (Val)) + and then RFLX.Sequence.Valid_Length (To_S63 (Val)) and then Field_Condition (Ctx, F_Length) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => @@ -975,7 +975,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -1112,7 +1112,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Length => RFLX.Sequence.Valid_Length (Val), diff --git a/tests/spark/generated/rflx-sequence-messages_message.adb b/tests/spark/generated/rflx-sequence-messages_message.adb index f0aa2c5f9..2ba1b136a 100644 --- a/tests/spark/generated/rflx-sequence-messages_message.adb +++ b/tests/spark/generated/rflx-sequence-messages_message.adb @@ -161,7 +161,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Messages); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -184,7 +184,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -223,7 +223,7 @@ is end loop; end Verify_Message; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -286,7 +286,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -294,8 +294,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -322,12 +322,13 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Length (Ctx : in out Context; Val : RFLX.Sequence.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Messages_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-sequence-messages_message.ads b/tests/spark/generated/rflx-sequence-messages_message.ads index cd4f611ef..4197a383d 100644 --- a/tests/spark/generated/rflx-sequence-messages_message.ads +++ b/tests/spark/generated/rflx-sequence-messages_message.ads @@ -9,9 +9,9 @@ package RFLX.Sequence.Messages_Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -25,15 +25,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -242,7 +242,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -401,7 +401,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.Sequence.Valid_Length (To_U64 (Val)) + and then RFLX.Sequence.Valid_Length (To_S63 (Val)) and then Field_Condition (Ctx, F_Length) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => @@ -581,7 +581,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -682,7 +682,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Length => RFLX.Sequence.Valid_Length (Val), diff --git a/tests/spark/generated/rflx-sequence-modular_vector.ads b/tests/spark/generated/rflx-sequence-modular_vector.ads index 12a2f7b56..9aad54000 100644 --- a/tests/spark/generated/rflx-sequence-modular_vector.ads +++ b/tests/spark/generated/rflx-sequence-modular_vector.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Sequence.Modular_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.Modular_Integer, 16, RFLX.Sequence.Valid_Modular_Integer, RFLX.Sequence.To_Actual, RFLX.Sequence.To_U64); +package RFLX.Sequence.Modular_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.Modular_Integer, 16, RFLX.Sequence.Valid_Modular_Integer, RFLX.Sequence.To_Actual, RFLX.Sequence.To_S63); diff --git a/tests/spark/generated/rflx-sequence-range_vector.ads b/tests/spark/generated/rflx-sequence-range_vector.ads index 440e9cc0c..26e16b91f 100644 --- a/tests/spark/generated/rflx-sequence-range_vector.ads +++ b/tests/spark/generated/rflx-sequence-range_vector.ads @@ -6,4 +6,4 @@ pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); with RFLX.RFLX_Types; pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); -package RFLX.Sequence.Range_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.Range_Integer, 8, RFLX.Sequence.Valid_Range_Integer, RFLX.Sequence.To_Actual, RFLX.Sequence.To_U64); +package RFLX.Sequence.Range_Vector is new RFLX.RFLX_Scalar_Sequence (RFLX.Sequence.Range_Integer, 8, RFLX.Sequence.Valid_Range_Integer, RFLX.Sequence.To_Actual, RFLX.Sequence.To_S63); diff --git a/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.adb b/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.adb index 64296717f..473f14242 100644 --- a/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.adb +++ b/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.adb @@ -161,7 +161,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Vector); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -184,7 +184,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -223,7 +223,7 @@ is end loop; end Verify_Message; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -286,7 +286,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -294,8 +294,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -322,12 +322,13 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Header (Ctx : in out Context; Val : RFLX.Sequence.Enumeration) is begin - Set_Scalar (Ctx, F_Header, To_U64 (Val)); + Set_Scalar (Ctx, F_Header, To_S63 (Val)); end Set_Header; procedure Set_Vector_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.ads b/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.ads index 48d7610a0..366f2b6e0 100644 --- a/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.ads +++ b/tests/spark/generated/rflx-sequence-sequence_size_defined_by_message_size.ads @@ -9,9 +9,9 @@ package RFLX.Sequence.Sequence_Size_Defined_By_Message_Size with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -25,15 +25,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -242,7 +242,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -401,7 +401,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Header) - and then RFLX.Sequence.Valid_Enumeration (To_U64 (Val)) + and then RFLX.Sequence.Valid_Enumeration (To_S63 (Val)) and then Field_Condition (Ctx, F_Header) and then Available_Space (Ctx, F_Header) >= Field_Size (Ctx, F_Header), Post => @@ -583,7 +583,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -684,7 +684,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Header => RFLX.Sequence.Valid_Enumeration (Val), diff --git a/tests/spark/generated/rflx-sequence.ads b/tests/spark/generated/rflx-sequence.ads index ea5e99277..0a07ee88a 100644 --- a/tests/spark/generated/rflx-sequence.ads +++ b/tests/spark/generated/rflx-sequence.ads @@ -10,15 +10,15 @@ is Size => 8; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 255); - function To_U64 (Val : RFLX.Sequence.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Sequence.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Sequence.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Sequence.Length is (RFLX.Sequence.Length (Val)) with Pre => @@ -28,13 +28,13 @@ is Size => 16; - function Valid_Modular_Integer (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Modular_Integer (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.Sequence.Modular_Integer) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Sequence.Modular_Integer) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Sequence.Modular_Integer is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Sequence.Modular_Integer is (RFLX.Sequence.Modular_Integer (Val)) with Pre => @@ -44,14 +44,14 @@ is Size => 8; - function Valid_Range_Integer (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Range_Integer (Val : RFLX.RFLX_Types.S63) return Boolean is (Val >= 1 and Val <= 100); - function To_U64 (Val : RFLX.Sequence.Range_Integer) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.Sequence.Range_Integer) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Sequence.Range_Integer is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Sequence.Range_Integer is (RFLX.Sequence.Range_Integer (Val)) with Pre => @@ -62,10 +62,10 @@ is 8; for Enumeration use (Zero => 0, One => 1, Two => 2); - function Valid_Enumeration (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Enumeration (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 0 | 1 | 2); - function To_U64 (Enum : RFLX.Sequence.Enumeration) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Sequence.Enumeration) return RFLX.RFLX_Types.S63 is ((case Enum is when Zero => 0, @@ -76,7 +76,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Sequence.Enumeration is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Sequence.Enumeration is ((case Val is when 0 => Zero, @@ -103,17 +103,17 @@ is when True => Enum : AV_Enumeration_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - function Valid_AV_Enumeration (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_AV_Enumeration (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_AV_Enumeration (Val : AV_Enumeration) return Boolean is ((if Val.Known then True else Valid_AV_Enumeration (Val.Raw) and Val.Raw not in 0 | 1 | 2)); - function To_U64 (Enum : RFLX.Sequence.AV_Enumeration_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Sequence.AV_Enumeration_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when AV_Zero => 0, @@ -125,7 +125,7 @@ is function To_Actual (Enum : AV_Enumeration_Enum) return RFLX.Sequence.AV_Enumeration is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Sequence.AV_Enumeration is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Sequence.AV_Enumeration is ((case Val is when 0 => (True, AV_Zero), @@ -139,7 +139,7 @@ is Pre => Valid_AV_Enumeration (Val); - function To_U64 (Val : RFLX.Sequence.AV_Enumeration) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Sequence.AV_Enumeration) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Sequence; diff --git a/tests/spark/generated/rflx-tlv-message.adb b/tests/spark/generated/rflx-tlv-message.adb index a0ff99b70..e90d243d6 100644 --- a/tests/spark/generated/rflx-tlv-message.adb +++ b/tests/spark/generated/rflx-tlv-message.adb @@ -84,11 +84,11 @@ is ((case Fld is when F_Tag => (if - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error)) then F_Final elsif - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then F_Length else @@ -174,7 +174,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Value); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -199,7 +199,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -260,7 +260,7 @@ is Process_Value (Ctx.Buffer.all (First .. Last)); end Generic_Get_Value; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -291,7 +291,7 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -333,7 +333,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -341,8 +341,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -351,7 +351,7 @@ is when F_Tag => Get_Tag (Ctx) = To_Actual (Val) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -377,17 +377,18 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Tag (Ctx : in out Context; Val : RFLX.TLV.Tag) is begin - Set_Scalar (Ctx, F_Tag, To_U64 (Val)); + Set_Scalar (Ctx, F_Tag, To_S63 (Val)); end Set_Tag; procedure Set_Length (Ctx : in out Context; Val : RFLX.TLV.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Value_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-tlv-message.ads b/tests/spark/generated/rflx-tlv-message.ads index 816f7eb70..639e11740 100644 --- a/tests/spark/generated/rflx-tlv-message.ads +++ b/tests/spark/generated/rflx-tlv-message.ads @@ -8,9 +8,9 @@ package RFLX.TLV.Message with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -259,7 +259,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean with Pre => Has_Buffer (Ctx) and Valid_Predecessor (Ctx, Fld) @@ -430,8 +430,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Tag) - and then RFLX.TLV.Valid_Tag (To_U64 (Val)) - and then Field_Condition (Ctx, F_Tag, To_U64 (Val)) + and then RFLX.TLV.Valid_Tag (To_S63 (Val)) + and then Field_Condition (Ctx, F_Tag, To_S63 (Val)) and then Available_Space (Ctx, F_Tag) >= Field_Size (Ctx, F_Tag), Post => Has_Buffer (Ctx) @@ -441,7 +441,7 @@ is and Invalid (Ctx, F_Length) and Invalid (Ctx, F_Value) and (if - RFLX_Types.U64 (To_U64 (Get_Tag (Ctx))) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + RFLX_Types.S63 (To_S63 (Get_Tag (Ctx))) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Predecessor (Ctx, F_Length) = F_Tag and Valid_Next (Ctx, F_Length)) @@ -458,8 +458,8 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.TLV.Valid_Length (To_U64 (Val)) - and then Field_Condition (Ctx, F_Length, To_U64 (Val)) + and then RFLX.TLV.Valid_Length (To_S63 (Val)) + and then Field_Condition (Ctx, F_Length, To_S63 (Val)) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => Has_Buffer (Ctx) @@ -606,7 +606,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -659,7 +659,7 @@ private then (Valid (Cursors (F_Tag)) and then Cursors (F_Length).Predecessor = F_Tag - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)))) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)))) and then (if Structural_Valid (Cursors (F_Value)) then @@ -675,7 +675,7 @@ private and then Cursors (F_Tag).First = First and then (if Structural_Valid (Cursors (F_Length)) - and then RFLX_Types.U64 (Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)) + and then RFLX_Types.S63 (Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)) then Cursors (F_Length).Last - Cursors (F_Length).First + 1 = 16 and then Cursors (F_Length).Predecessor = F_Tag @@ -721,7 +721,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => RFLX.TLV.Valid_Tag (Val), @@ -735,13 +735,13 @@ private when F_Initial | F_Length | F_Value | F_Final => True, when F_Tag => - RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)))); + RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)))); - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Tag => - Val = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error)) - or Val = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Data)), + Val = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error)) + or Val = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Data)), when F_Length | F_Value => True)); @@ -813,12 +813,12 @@ private function Structural_Valid_Message (Ctx : Context) return Boolean is ((Valid (Ctx, F_Tag) - and then RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error))) or Structural_Valid (Ctx, F_Value)); function Valid_Message (Ctx : Context) return Boolean is ((Valid (Ctx, F_Tag) - and then RFLX_Types.U64 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.U64 (To_U64 (RFLX.TLV.Msg_Error))) + and then RFLX_Types.S63 (Ctx.Cursors (F_Tag).Value) = RFLX_Types.S63 (To_S63 (RFLX.TLV.Msg_Error))) or Valid (Ctx, F_Value)); function Incomplete_Message (Ctx : Context) return Boolean is diff --git a/tests/spark/generated/rflx-tlv.ads b/tests/spark/generated/rflx-tlv.ads index 305c66e46..32e16d8a4 100644 --- a/tests/spark/generated/rflx-tlv.ads +++ b/tests/spark/generated/rflx-tlv.ads @@ -11,12 +11,12 @@ is 8; for Tag use (Msg_Data => 1, Msg_Error => 3); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Tag (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Tag (Val : RFLX.RFLX_Types.S63) return Boolean is (Val in 1 | 3); - function To_U64 (Enum : RFLX.TLV.Tag) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.TLV.Tag) return RFLX.RFLX_Types.S63 is ((case Enum is when Msg_Data => 1, @@ -25,7 +25,7 @@ is pragma Warnings (Off, "unreachable branch"); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.TLV.Tag is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.TLV.Tag is ((case Val is when 1 => Msg_Data, @@ -43,13 +43,13 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.TLV.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.TLV.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.TLV.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.TLV.Length is (RFLX.TLV.Length (Val)) with Pre => diff --git a/tests/spark/generated/rflx-udp-datagram.adb b/tests/spark/generated/rflx-udp-datagram.adb index be74dba13..bf987bc5e 100644 --- a/tests/spark/generated/rflx-udp-datagram.adb +++ b/tests/spark/generated/rflx-udp-datagram.adb @@ -173,7 +173,7 @@ is function Composite_Field (Fld : Field) return Boolean is (Fld in F_Payload); - function Get (Ctx : Context; Fld : Field) return RFLX_Types.U64 with + function Get (Ctx : Context; Fld : Field) return RFLX_Types.S63 with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -196,7 +196,7 @@ is end Get; procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.U64; + Value : RFLX_Types.S63; begin if Invalid (Ctx.Cursors (Fld)) @@ -257,7 +257,7 @@ is Process_Payload (Ctx.Buffer.all (First .. Last)); end Generic_Get_Payload; - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with Pre => Has_Buffer (Ctx) and then Valid_Next (Ctx, Fld) @@ -332,7 +332,7 @@ is Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); end Set; - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.U64) with + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.S63) with Pre => not Ctx'Constrained and then Has_Buffer (Ctx) @@ -340,8 +340,8 @@ is and then Valid_Value (Fld, Val) and then Valid_Size (Ctx, Fld, Field_Size (Ctx, Fld)) and then Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld) - and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.U64'Size - and then (if Field_Size (Ctx, Fld) < RFLX_Types.U64'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), + and then Field_Size (Ctx, Fld) in 1 .. RFLX_Types.S63'Size + and then (if Field_Size (Ctx, Fld) < RFLX_Types.S63'Size then Val < 2**Natural (Field_Size (Ctx, Fld))), Post => Has_Buffer (Ctx) and Valid (Ctx, Fld) @@ -380,27 +380,28 @@ is Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); begin Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); RFLX_Types.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); end Set_Scalar; procedure Set_Source_Port (Ctx : in out Context; Val : RFLX.UDP.Port) is begin - Set_Scalar (Ctx, F_Source_Port, To_U64 (Val)); + Set_Scalar (Ctx, F_Source_Port, To_S63 (Val)); end Set_Source_Port; procedure Set_Destination_Port (Ctx : in out Context; Val : RFLX.UDP.Port) is begin - Set_Scalar (Ctx, F_Destination_Port, To_U64 (Val)); + Set_Scalar (Ctx, F_Destination_Port, To_S63 (Val)); end Set_Destination_Port; procedure Set_Length (Ctx : in out Context; Val : RFLX.UDP.Length) is begin - Set_Scalar (Ctx, F_Length, To_U64 (Val)); + Set_Scalar (Ctx, F_Length, To_S63 (Val)); end Set_Length; procedure Set_Checksum (Ctx : in out Context; Val : RFLX.UDP.Checksum) is begin - Set_Scalar (Ctx, F_Checksum, To_U64 (Val)); + Set_Scalar (Ctx, F_Checksum, To_S63 (Val)); end Set_Checksum; procedure Set_Payload_Empty (Ctx : in out Context) is diff --git a/tests/spark/generated/rflx-udp-datagram.ads b/tests/spark/generated/rflx-udp-datagram.ads index 63902bf8b..d21c036bf 100644 --- a/tests/spark/generated/rflx-udp-datagram.ads +++ b/tests/spark/generated/rflx-udp-datagram.ads @@ -8,9 +8,9 @@ package RFLX.UDP.Datagram with (GNATprove, Terminating) is - pragma Warnings (Off, "use clause for type ""U64"" * has no effect"); + pragma Warnings (Off, "use clause for type ""S63"" * has no effect"); - pragma Warnings (Off, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (Off, """S63"" is already use-visible through previous use_type_clause"); pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); @@ -24,15 +24,15 @@ is use type RFLX_Types.Bit_Index; - use type RFLX_Types.U64; + use type RFLX_Types.S63; use type RFLX_Types.Offset; pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, """U64"" is already use-visible through previous use_type_clause"); + pragma Warnings (On, """S63"" is already use-visible through previous use_type_clause"); - pragma Warnings (On, "use clause for type ""U64"" * has no effect"); + pragma Warnings (On, "use clause for type ""S63"" * has no effect"); pragma Unevaluated_Use_Of_Old (Allow); @@ -241,7 +241,7 @@ is pragma Warnings (Off, "postcondition does not mention function result"); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean with + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean with Post => True; @@ -437,7 +437,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Source_Port) - and then RFLX.UDP.Valid_Port (To_U64 (Val)) + and then RFLX.UDP.Valid_Port (To_S63 (Val)) and then Field_Condition (Ctx, F_Source_Port) and then Available_Space (Ctx, F_Source_Port) >= Field_Size (Ctx, F_Source_Port), Post => @@ -463,7 +463,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Destination_Port) - and then RFLX.UDP.Valid_Port (To_U64 (Val)) + and then RFLX.UDP.Valid_Port (To_S63 (Val)) and then Field_Condition (Ctx, F_Destination_Port) and then Available_Space (Ctx, F_Destination_Port) >= Field_Size (Ctx, F_Destination_Port), Post => @@ -491,7 +491,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Length) - and then RFLX.UDP.Valid_Length (To_U64 (Val)) + and then RFLX.UDP.Valid_Length (To_S63 (Val)) and then Field_Condition (Ctx, F_Length) and then Available_Space (Ctx, F_Length) >= Field_Size (Ctx, F_Length), Post => @@ -519,7 +519,7 @@ is not Ctx'Constrained and then Has_Buffer (Ctx) and then Valid_Next (Ctx, F_Checksum) - and then RFLX.UDP.Valid_Checksum (To_U64 (Val)) + and then RFLX.UDP.Valid_Checksum (To_S63 (Val)) and then Field_Condition (Ctx, F_Checksum) and then Available_Space (Ctx, F_Checksum) >= Field_Size (Ctx, F_Checksum), Post => @@ -707,7 +707,7 @@ private when S_Valid | S_Structural_Valid => First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.U64 := 0; + Value : RFLX_Types.S63 := 0; when S_Invalid | S_Incomplete => null; end case; @@ -844,7 +844,7 @@ private function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is (Ctx.Written_Last); - function Valid_Value (Fld : Field; Val : RFLX_Types.U64) return Boolean is + function Valid_Value (Fld : Field; Val : RFLX_Types.S63) return Boolean is ((case Fld is when F_Source_Port | F_Destination_Port => RFLX.UDP.Valid_Port (Val), diff --git a/tests/spark/generated/rflx-udp.ads b/tests/spark/generated/rflx-udp.ads index f5df92fd6..e24838e21 100644 --- a/tests/spark/generated/rflx-udp.ads +++ b/tests/spark/generated/rflx-udp.ads @@ -10,15 +10,15 @@ is Size => 16; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Port (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Port (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.UDP.Port) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.UDP.Port) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.UDP.Port is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.UDP.Port is (RFLX.UDP.Port (Val)) with Pre => @@ -28,14 +28,14 @@ is Size => 16; - function Valid_Length (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Length (Val : RFLX.RFLX_Types.S63) return Boolean is (Val >= 8 and Val <= 65535); - function To_U64 (Val : RFLX.UDP.Length) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.UDP.Length) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.UDP.Length is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.UDP.Length is (RFLX.UDP.Length (Val)) with Pre => @@ -45,13 +45,13 @@ is Size => 16; - function Valid_Checksum (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Checksum (Val : RFLX.RFLX_Types.S63) return Boolean is (Val <= 65535); - function To_U64 (Val : RFLX.UDP.Checksum) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.UDP.Checksum) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.UDP.Checksum is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.UDP.Checksum is (RFLX.UDP.Checksum (Val)) with Pre => diff --git a/tests/spark/generated/rflx-universal.ads b/tests/spark/generated/rflx-universal.ads index 2acf2e812..9f7f48981 100644 --- a/tests/spark/generated/rflx-universal.ads +++ b/tests/spark/generated/rflx-universal.ads @@ -17,19 +17,19 @@ is when True => Enum : Option_Type_Enum; when False => - Raw : RFLX_Types.U64; + Raw : RFLX_Types.S63; end case; end record; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Option_Type (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Option_Type (Val : RFLX.RFLX_Types.S63) return Boolean is (Val < 2**8); function Valid_Option_Type (Val : Option_Type) return Boolean is ((if Val.Known then True else Valid_Option_Type (Val.Raw) and Val.Raw not in 0 | 1)); - function To_U64 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.U64 is + function To_S63 (Enum : RFLX.Universal.Option_Type_Enum) return RFLX.RFLX_Types.S63 is ((case Enum is when OT_Null => 0, @@ -39,7 +39,7 @@ is function To_Actual (Enum : Option_Type_Enum) return RFLX.Universal.Option_Type is ((True, Enum)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.Universal.Option_Type is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.Universal.Option_Type is ((case Val is when 0 => (True, OT_Null), @@ -51,7 +51,7 @@ is Pre => Valid_Option_Type (Val); - function To_U64 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.U64 is - ((if Val.Known then To_U64 (Val.Enum) else Val.Raw)); + function To_S63 (Val : RFLX.Universal.Option_Type) return RFLX.RFLX_Types.S63 is + ((if Val.Known then To_S63 (Val.Enum) else Val.Raw)); end RFLX.Universal; diff --git a/tests/spark/rflx-builtin_types_tests.adb b/tests/spark/rflx-builtin_types_tests.adb index 6fb626572..2cb557dcd 100644 --- a/tests/spark/rflx-builtin_types_tests.adb +++ b/tests/spark/rflx-builtin_types_tests.adb @@ -377,53 +377,53 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 2 => 0); begin Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (1, 0, 0), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (2, 0, 0), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (4, 0, 0), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (8, 0, 0), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (16, 0, 0), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (32, 0, 0), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (64, 0, 0), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (128, 0, 0), "Invalid insertion in zero-initialized buffer with offset 7"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (254, 255, 255), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (253, 255, 255), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (251, 255, 255), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (247, 255, 255), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (239, 255, 255), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (223, 255, 255), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (191, 255, 255), "Invalid insertion in filled buffer with offset 6"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.High_Order_First); Assert (Buffer.all, (127, 255, 255), "Invalid insertion in filled buffer with offset 7"); RFLX_Types.Free (Buffer); @@ -436,47 +436,47 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 2 => 0); begin Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (1, 0, 0), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (2, 0, 0), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (4, 0, 0), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (8, 0, 0), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (16, 0, 0), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (32, 0, 0), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (64, 0, 0), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (254, 255, 255), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (253, 255, 255), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (251, 255, 255), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (247, 255, 255), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (239, 255, 255), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (223, 255, 255), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.High_Order_First); Assert (Buffer.all, (191, 255, 255), "Invalid insertion in filled buffer with offset 6"); RFLX_Types.Free (Buffer); @@ -489,78 +489,78 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 2 => 0); begin Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 21, 85), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 42, 170), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 85, 84), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 170, 168), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (1, 85, 80), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (2, 170, 160), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (5, 85, 64), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (10, 170, 128), "Invalid insertion in zero-initialized buffer with offset 7"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (255, 245, 85), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (255, 234, 171), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (255, 213, 87), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (255, 170, 175), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (255, 85, 95), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (254, 170, 191), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (253, 85, 127), "Invalid insertion in filled buffer with offset 6"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (250, 170, 255), "Invalid insertion in filled buffer with offset 7"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 255), "Invalid insertion of 0000011111111 with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 1, 254), "Invalid insertion of 0000011111111 with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 3, 252), "Invalid insertion of 0000011111111 with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 7, 248), "Invalid insertion of 0000011111111 with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 15, 240), "Invalid insertion of 0000011111111 with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 31, 224), "Invalid insertion of 0000011111111 with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 63, 192), "Invalid insertion of 0000011111111 with offset 6"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.High_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 127, 128), "Invalid insertion of 0000011111111 with offset 7"); RFLX_Types.Free (Buffer); @@ -573,124 +573,124 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 8 => 0); begin Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First + 1, Buffer'Last, 0, 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First + 1, Buffer'Last, 0, 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 170, 170, 170, 170, 170, 170, 170, 170), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (1, 85, 85, 85, 85, 85, 85, 85, 84), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (2, 170, 170, 170, 170, 170, 170, 170, 168), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (5, 85, 85, 85, 85, 85, 85, 85, 80), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (10, 170, 170, 170, 170, 170, 170, 170, 160), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (21, 85, 85, 85, 85, 85, 85, 85, 64), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (42, 170, 170, 170, 170, 170, 170, 170, 128), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (85, 85, 85, 85, 85, 85, 85, 85, 0), "Invalid insertion in zero-initialized buffer with offset 7"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First + 1, Buffer'Last, 0, 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First + 1, Buffer'Last, 0, 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (255, 170, 170, 170, 170, 170, 170, 170, 170), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (255, 85, 85, 85, 85, 85, 85, 85, 85), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (254, 170, 170, 170, 170, 170, 170, 170, 171), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (253, 85, 85, 85, 85, 85, 85, 85, 87), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (250, 170, 170, 170, 170, 170, 170, 170, 175), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (245, 85, 85, 85, 85, 85, 85, 85, 95), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (234, 170, 170, 170, 170, 170, 170, 170, 191), "Invalid insertion in filled buffer with offset 6"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (213, 85, 85, 85, 85, 85, 85, 85, 127), "Invalid insertion in filled buffer with offset 7"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 0, 255, 255, 255, 255), "Invalid insertion off one-sided pattern with offset 0"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 1, 255, 255, 255, 254), "Invalid insertion off one-sided pattern with offset 1"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 3, 255, 255, 255, 252), "Invalid insertion off one-sided pattern with offset 2"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 7, 255, 255, 255, 248), "Invalid insertion off one-sided pattern with offset 3"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 15, 255, 255, 255, 240), "Invalid insertion off one-sided pattern with offset 4"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 31, 255, 255, 255, 224), "Invalid insertion off one-sided pattern with offset 5"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 63, 255, 255, 255, 192), "Invalid insertion off one-sided pattern with offset 6"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, RFLX_Types.High_Order_First); Assert (Buffer.all, (0, 0, 0, 0, 127, 255, 255, 255, 128), "Invalid insertion off one-sided pattern with offset 7"); @@ -705,53 +705,53 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 2 => 0); begin Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (1, 0, 0), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (2, 0, 0), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (4, 0, 0), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (8, 0, 0), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (16, 0, 0), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (32, 0, 0), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (64, 0, 0), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (128, 0, 0), "Invalid insertion in zero-initialized buffer with offset 7"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (0), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (254, 255, 255), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (1), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (253, 255, 255), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (2), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (251, 255, 255), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (3), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (247, 255, 255), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (4), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (239, 255, 255), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (5), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (223, 255, 255), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (6), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (191, 255, 255), "Invalid insertion in filled buffer with offset 6"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (0, Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(0), Buffer, Buffer'First, Buffer'First, Dynamic_Offset (7), 1, RFLX_Types.Low_Order_First); Assert (Buffer.all, (127, 255, 255), "Invalid insertion in filled buffer with offset 7"); RFLX_Types.Free (Buffer); @@ -764,47 +764,47 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 2 => 0); begin Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (1, 0, 0), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (2, 0, 0), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (4, 0, 0), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (8, 0, 0), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (16, 0, 0), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (32, 0, 0), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (1, Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(1), Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (64, 0, 0), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 0, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (254, 255, 255), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 1, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (253, 255, 255), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 2, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (251, 255, 255), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 3, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (247, 255, 255), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 4, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (239, 255, 255), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 5, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (223, 255, 255), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (2, Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(2), Buffer, Buffer'First, Buffer'First, 6, 2, RFLX_Types.Low_Order_First); Assert (Buffer.all, (191, 255, 255), "Invalid insertion in filled buffer with offset 6"); RFLX_Types.Free (Buffer); @@ -817,78 +817,78 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 2 => 0); begin Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 21, 170), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 21, 170), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 85, 168), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 85, 168), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (1, 170, 160), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (1, 85, 160), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (5, 170, 128), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (5, 85, 128), "Invalid insertion in zero-initialized buffer with offset 7"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 0, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (255, 245, 170), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 1, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (255, 213, 171), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 2, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (255, 213, 171), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First + 1, Buffer'Last, 3, 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (255, 85, 175), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (255, 170, 175), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (253, 85, 191), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (253, 170, 191), "Invalid insertion in filled buffer with offset 6"); Buffer.all := (255, 255, 255); - RFLX_Types.Insert (5461, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(5461), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (245, 85, 255), "Invalid insertion in filled buffer with offset 7"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 31, 7), "Invalid insertion of 0000011111111 with offset 0"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 63, 6), "Invalid insertion of 0000011111111 with offset 1"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 127, 4), "Invalid insertion of 0000011111111 with offset 2"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 255, 0), "Invalid insertion of 0000011111111 with offset 3"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (1, 127, 0), "Invalid insertion of 0000011111111 with offset 4"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (3, 63, 0), "Invalid insertion of 0000011111111 with offset 5"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (7, 31, 0), "Invalid insertion of 0000011111111 with offset 6"); Buffer.all := (0, 0, 0); - RFLX_Types.Insert (255, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.Low_Order_First); + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(255), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 13, RFLX_Types.Low_Order_First); Assert (Buffer.all, (15, 15, 0), "Invalid insertion of 0000011111111 with offset 7"); RFLX_Types.Free (Buffer); @@ -901,124 +901,124 @@ package body RFLX.Builtin_Types_Tests is Buffer : Bytes_Ptr := new Bytes'(Index'First .. Index'First + 8 => 0); begin Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First + 1, Buffer'Last, 0, 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First + 1, Buffer'Last, 0, 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 170, 170, 170, 170, 170, 170, 170, 170), "Invalid insertion in zero-initialized buffer with offset 0"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 85, 85, 85, 85, 85, 85, 85, 170), "Invalid insertion in zero-initialized buffer with offset 1"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (2, 170, 170, 170, 170, 170, 170, 170, 168), "Invalid insertion in zero-initialized buffer with offset 2"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (2, 85, 85, 85, 85, 85, 85, 85, 168), "Invalid insertion in zero-initialized buffer with offset 3"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (10, 170, 170, 170, 170, 170, 170, 170, 160), "Invalid insertion in zero-initialized buffer with offset 4"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (10, 85, 85, 85, 85, 85, 85, 85, 160), "Invalid insertion in zero-initialized buffer with offset 5"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (42, 170, 170, 170, 170, 170, 170, 170, 128), "Invalid insertion in zero-initialized buffer with offset 6"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (42, 85, 85, 85, 85, 85, 85, 85, 128), "Invalid insertion in zero-initialized buffer with offset 7"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First + 1, Buffer'Last, 0, 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First + 1, Buffer'Last, 0, 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (255, 170, 170, 170, 170, 170, 170, 170, 170), "Invalid insertion in filled buffer with offset 0"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (254, 85, 85, 85, 85, 85, 85, 85, 171), "Invalid insertion in filled buffer with offset 1"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (254, 170, 170, 170, 170, 170, 170, 170, 171), "Invalid insertion in filled buffer with offset 2"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (250, 85, 85, 85, 85, 85, 85, 85, 175), "Invalid insertion in filled buffer with offset 3"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (250, 170, 170, 170, 170, 170, 170, 170, 175), "Invalid insertion in filled buffer with offset 4"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (234, 85, 85, 85, 85, 85, 85, 85, 191), "Invalid insertion in filled buffer with offset 5"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (234, 170, 170, 170, 170, 170, 170, 170, 191), "Invalid insertion in filled buffer with offset 6"); Buffer.all := (255, 255, 255, 255, 255, 255, 255, 255, 255); - RFLX_Types.Insert (12297829382473034410, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(12297829382473034410), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (170, 85, 85, 85, 85, 85, 85, 85, 255), "Invalid insertion in filled buffer with offset 7"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (0), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (0, 255, 255, 255, 255, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 0"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (1), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (1, 255, 255, 255, 127, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 1"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (2), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (3, 255, 255, 255, 63, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 2"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (3), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (7, 255, 255, 255, 31, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 3"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (4), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (15, 255, 255, 255, 15, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 4"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (5), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (31, 255, 255, 255, 7, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 5"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (6), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (63, 255, 255, 255, 3, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 6"); Buffer.all := (0, 0, 0, 0, 0, 0, 0, 0, 0); - RFLX_Types.Insert (4294967295, Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, + RFLX_Types.Insert (RFLX.RFLX_Types.U64'(4294967295), Buffer, Buffer'First, Buffer'Last, Dynamic_Offset (7), 64, RFLX_Types.Low_Order_First); Assert (Buffer.all, (127, 255, 255, 255, 1, 0, 0, 0, 0), "Invalid insertion off one-sided pattern with offset 7"); diff --git a/tests/spark/rflx-derivation_tests.adb b/tests/spark/rflx-derivation_tests.adb index 1bb9c6d26..e3da54510 100644 --- a/tests/spark/rflx-derivation_tests.adb +++ b/tests/spark/rflx-derivation_tests.adb @@ -45,7 +45,7 @@ package body RFLX.Derivation_Tests is SPARK_Mode, Pre => True is pragma Unreferenced (T); - use type RFLX_Types.U64; + use type RFLX_Types.S63; Buffer : RFLX_Builtin_Types.Bytes_Ptr := new RFLX_Builtin_Types.Bytes'(1, 0, 4, 0, 0, 0, 0); Context : Derivation.Message.Context; Tag : TLV.Tag; @@ -57,7 +57,7 @@ package body RFLX.Derivation_Tests is if Derivation.Message.Valid (Context, Derivation.Message.F_Tag) then Tag := Derivation.Message.Get_Tag (Context); Assert (Tag'Image, TLV.Tag'Image (TLV.Msg_Data), "Unexpected Tag"); - Assert (TLV.To_U64 (Tag) = 1, "Invalid conversion of Tag"); + Assert (TLV.To_S63 (Tag) = 1, "Invalid conversion of Tag"); Assert (Derivation.Message.Valid (Context, Derivation.Message.F_Length), "Invalid Length"); if Derivation.Message.Valid (Context, Derivation.Message.F_Length) then Length := Derivation.Message.Get_Length (Context); diff --git a/tests/spark/rflx-tlv_tests.adb b/tests/spark/rflx-tlv_tests.adb index 560786e36..8e203b259 100644 --- a/tests/spark/rflx-tlv_tests.adb +++ b/tests/spark/rflx-tlv_tests.adb @@ -44,7 +44,7 @@ package body RFLX.TLV_Tests is SPARK_Mode, Pre => True is pragma Unreferenced (T); - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; Buffer : RFLX_Builtin_Types.Bytes_Ptr := new RFLX_Builtin_Types.Bytes'(1, 0, 4, 1, 2, 3, 4); Context : TLV.Message.Context; Tag : TLV.Tag; @@ -57,7 +57,7 @@ package body RFLX.TLV_Tests is if TLV.Message.Valid (Context, TLV.Message.F_Tag) then Tag := TLV.Message.Get_Tag (Context); Assert (Tag'Image, TLV.Tag'Image (TLV.Msg_Data), "Unexpected Tag"); - Assert (TLV.To_U64 (Tag) = 1, "Invalid conversion of Tag"); + Assert (TLV.To_S63 (Tag) = 1, "Invalid conversion of Tag"); Assert (TLV.Message.Valid (Context, TLV.Message.F_Length), "Invalid Length"); if TLV.Message.Valid (Context, TLV.Message.F_Length) then Length := TLV.Message.Get_Length (Context); diff --git a/tests/spark/test.gpr b/tests/spark/test.gpr index abdb457b4..fae8faf5d 100644 --- a/tests/spark/test.gpr +++ b/tests/spark/test.gpr @@ -68,7 +68,7 @@ project Test is package Prove is for Proof_Switches ("Ada") use Defaults.Proof_Switches; - for Proof_Switches ("rflx-custom_types_tests.adb") use ("--prover=Z3,altergo,CVC4", "--steps=900000", "--timeout=210"); + for Proof_Switches ("rflx-custom_types_tests.adb") use ("--prover=Z3,altergo,CVC4,colibri", "--steps=900000", "--timeout=210"); end Prove; end Test; diff --git a/tests/unit/generator_test.py b/tests/unit/generator_test.py index 9e8f7fe30..f1d3598aa 100644 --- a/tests/unit/generator_test.py +++ b/tests/unit/generator_test.py @@ -223,14 +223,14 @@ def test_substitution_relation_aggregate( ( expr.Variable("Value"), expr.TRUE, - expr.Call("RFLX_Types::U64", [expr.Variable("Value")]), - expr.Call("RFLX_Types::U64", [expr.Call("To_U64", [expr.TRUE])]), + expr.Call("RFLX_Types::S63", [expr.Variable("Value")]), + expr.Call("RFLX_Types::S63", [expr.Call("To_S63", [expr.TRUE])]), ), ( expr.FALSE, expr.Variable("Value"), - expr.Call("RFLX_Types::U64", [expr.Variable("Value")]), - expr.Call("RFLX_Types::U64", [expr.Call("To_U64", [expr.FALSE])]), + expr.Call("RFLX_Types::S63", [expr.Variable("Value")]), + expr.Call("RFLX_Types::S63", [expr.Call("To_S63", [expr.FALSE])]), ), ], ) @@ -2638,16 +2638,16 @@ class GeneratorTestCase: Size => 8; - use type RFLX.RFLX_Types.U64; + use type RFLX.RFLX_Types.S63; - function Valid_Range_Integer (Val : RFLX.RFLX_Types.U64) return Boolean is + function Valid_Range_Integer (Val : RFLX.RFLX_Types.S63) return Boolean is (Val >= 1 and Val <= 100); - function To_U64 (Val : RFLX.P.Range_Integer) return RFLX.RFLX_Types.U64 is - (RFLX.RFLX_Types.U64 (Val)); + function To_S63 (Val : RFLX.P.Range_Integer) return RFLX.RFLX_Types.S63 is + (RFLX.RFLX_Types.S63 (Val)); - function To_Actual (Val : RFLX.RFLX_Types.U64) return RFLX.P.Range_Integer is + function To_Actual (Val : RFLX.RFLX_Types.S63) return RFLX.P.Range_Integer is (RFLX.P.Range_Integer (Val)) with Pre =>