A.18.25 The Generic Package Containers.Bounded_Multiway_Trees
{AI05-0136-1} The language-defined generic package Containers.Bounded_Multiway_Trees
provides a private type Tree and a set of operations. It provides the
same operations as the package Containers.Multiway_Trees (see A.18.10),
with the difference that the maximum storage is bounded.
Static Semantics
{AI05-0136-1} The declaration of the generic library package Containers.Bounded_Multiway_Trees
has the same contents and semantics as Containers.Multiway_Trees except:
The type Tree is declared with a discriminant that specifies the capacity
(maximum number of elements) as follows:
{AI12-0112-1}
   type Tree (Capacity : Count_Type) is tagged private...;
   Preelaborable_Initialization =>
      Element_Type'Preelaborable_Initialization
The type Tree needs finalization if and only if
type Element_Type needs finalization.
Implementation Note: {AI05-0212-1}
The type Tree cannot depend on package Ada.Finalization unless the element
type depends on that package. The objects returned from the Iterator
and Reference functions probably do depend on package Ada.Finalization.
Restricted environments may need to avoid use of those functions and
their associated types.
   function Empty (Capacity : Count_Type := implementation-defined)
      return Tree
      with Post =>
         Empty'Result.Capacity = Capacity and then
         not Tampering_With_Elements_Prohibited (Empty'Result) and then
         not Tampering_With_Cursors_Prohibited (Empty'Result) and then
         Node_Count (Empty'Result) = 1;
{AI12-0112-1} The allocation of internal storage includes a check that the
capacity is not exceeded, and Capacity_Error is raised if this check fails.
For procedures Insert_Child, Prepend_Child, and Append_Child, the initial
subexpression of the precondition is replaced with:
   with Pre => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
               (Node_Count (Container) - 1 <= Container.Capacity - Count
                   or else raise Capacity_Error)
{AI12-0112-1} In procedure Assign, if Source length is greater than Target
capacity, then Capacity_Error is propagated. The precondition is altered to:
   Pre => (not Tampering_With_Cursors_Prohibited (Target)
              or else raise Program_Error) and then
          (Node_Count (Source) - 1 <= Target.Capacity
              or else raise Capacity_Error),
Function Copy is declared as follows:
{AI12-0056-1}
   function Copy (Source : Tree; Capacity : Count_Type := 0)
      return Tree
      with Pre => Capacity = 0 or else Capacity >= Node_Count (Source) - 1
                     or else raise Capacity_Error,
           Post =>
              Node_Count (Copy'Result) = Node_Count (Source) and then
              not Tampering_With_Elements_Prohibited (Copy'Result) and then
              not Tampering_With_Cursors_Prohibited (Copy'Result) and then
              Copy'Result.Capacity = (if Capacity = 0 then
                 Node_Count (Source) - 1 else Capacity);
Returns a list whose elements
have the same values as the elements of Source. If
Capacity is 0, then the tree capacity is the count of Source; if Capacity
is equal to or greater than Source.Count, the tree capacity equals the
value of the Capacity parameter; otherwise, the operation propagates
Capacity_Error.
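The capacity checks on Append_Child and Copy described above can be observed with a short program. This is an added example, not text from the Reference Manual; the names Bounded_Tree_Demo and Int_Trees are assumptions chosen for illustration.

```ada
with Ada.Containers; use Ada.Containers;
with Ada.Containers.Bounded_Multiway_Trees;
with Ada.Text_IO; use Ada.Text_IO;

procedure Bounded_Tree_Demo is
   --  Int_Trees and Bounded_Tree_Demo are names assumed for this example.
   package Int_Trees is new Ada.Containers.Bounded_Multiway_Trees
     (Element_Type => Integer);
   use Int_Trees;

   T : Tree (Capacity => 3);  --  storage for at most 3 elements
begin
   --  Fill the tree to its capacity: three children of the root.
   for I in 1 .. 3 loop
      T.Append_Child (Parent => T.Root, New_Item => I);
   end loop;
   --  Node_Count also counts the root node, hence the "- 1" in the checks.
   Put_Line ("Node_Count =" & Count_Type'Image (T.Node_Count));

   --  A fourth element exceeds Capacity, so the capacity check fails.
   begin
      T.Append_Child (Parent => T.Root, New_Item => 4);
      Put_Line ("unexpected: insertion succeeded");
   exception
      when Capacity_Error =>
         Put_Line ("Append_Child raised Capacity_Error");
   end;

   --  Copy with Capacity = 0 sizes the result to Node_Count (Source) - 1.
   declare
      C : constant Tree := Copy (T);
   begin
      Put_Line ("Copy capacity =" & Count_Type'Image (C.Capacity));
   end;

   --  A nonzero Capacity below the element count is rejected. The outer
   --  block is needed because the exception is raised during elaboration.
   begin
      declare
         Small : constant Tree := Copy (T, Capacity => 2);
      begin
         Put_Line ("unexpected:" & Count_Type'Image (Small.Capacity));
      end;
   exception
      when Capacity_Error =>
         Put_Line ("Copy raised Capacity_Error");
   end;
end Bounded_Tree_Demo;
```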
{AI12-0112-1} In the four-parameter procedure Copy_Subtree, the
last or else of the precondition is replaced by:
   (not Is_Root (Source)
       or else raise Constraint_Error) and then
   (Node_Count (Target) - 1 + Subtree_Node_Count (Source) <=
       Target.Capacity
       or else raise Capacity_Error),
{AI12-0112-1} In the five-parameter procedure Copy_Subtree, the
last or else of the precondition is replaced by:
   (not Is_Root (Source, Subtree)
       or else raise Constraint_Error) and then
   (Node_Count (Target) - 1 +
       Subtree_Node_Count (Source, Subtree) <= Target.Capacity
       or else raise Capacity_Error),
{AI12-0112-1} In Copy_Local_Subtree, the last or else
of the precondition is replaced by:
   (not Is_Root (Source, Subtree)
       or else raise Constraint_Error) and then
   (Node_Count (Target) - 1 +
       Subtree_Node_Count (Target, Source) <= Target.Capacity
       or else raise Capacity_Error),
{AI05-0136-1} {AI05-0248-1} {AI12-0112-1} In the five-parameter procedure
Splice_Subtree, if Source is not the same object as Target, and if the sum
of Target.Count and Subtree_Node_Count (Position) is greater than
Target.Capacity, then Splice_Subtree propagates Capacity_Error. The
penultimate or else of the precondition is replaced by:
   (Has_Element (Source, Position)
       or else raise Program_Error) and then
   (Target'Has_Same_Storage (Source) or else
    Node_Count (Target) - 1 +
       Subtree_Node_Count (Source, Position) <= Target.Capacity
       or else raise Capacity_Error) and then
{AI05-0136-1} {AI05-0248-1} {AI12-0112-1} In the five-parameter procedure
Splice_Children, if Source is not the same object as Target, and if the sum
of Target.Count and Subtree_Node_Count (Source_Parent)-1 is greater than
Target.Capacity, then Splice_Children propagates Capacity_Error. The
penultimate elsif of the precondition is replaced by:
   (Before = No_Element or else
    Parent (Target, Before) /= Target_Parent
       or else raise Constraint_Error) and then
   (Target'Has_Same_Storage (Source) or else
    Node_Count (Target) - 1 +
       Child_Count (Source, Source_Parent) <= Target.Capacity
       or else raise Capacity_Error) and then
Bounded (Run-Time) Errors
{AI05-0160-1} {AI05-0265-1} It is a bounded error to assign from a bounded tree
object while tampering with elements [or cursors] of that object is prohibited.
Either Program_Error is raised by the assignment, execution proceeds
with the target object prohibiting tampering with elements [or cursors],
or execution proceeds normally.
Proof: Tampering with elements includes
tampering with cursors, so we only really need to talk about tampering
with elements here; we mention cursors for clarity.
Erroneous Execution
{AI05-0265-1} When a bounded tree object T is finalized, if tampering with
cursors is prohibited for T other than due to an assignment from another
tree, then execution is erroneous.
Reason: This is a tampering event, but
since the implementation is not allowed to use Ada.Finalization, it is
not possible in a pure Ada implementation to detect this error. (There
is no Finalize routine that will be called that could make the check.)
Since the check probably cannot be made, the bad effects that could occur
(such as an iterator going into an infinite loop or accessing a nonexistent
element) cannot be prevented and we have to allow anything. We do allow
re-assigning an object that only prohibits tampering because it was copied
from another object as that cannot cause any negative effects.
Implementation Requirements
{AI05-0184-1} {AI05-0264-1} For each instance of Containers.Multiway_Trees and each instance of Containers.Bounded_Multiway_Trees,
if the two instances meet the following conditions, then the output generated
by the Tree'Output or Tree'Write subprograms of either instance shall
be readable by the Tree'Input or Tree'Read of the other instance, respectively:
{AI05-0184-1} {AI05-0248-1} the Element_Type parameters of the two instances are statically matching
subtypes of the same type; and
{AI05-0184-1} the output generated by Element_Type'Output or Element_Type'Write is
readable by Element_Type'Input or Element_Type'Read, respectively (where
Element_Type denotes the type of the two actual Element_Type parameters).
Implementation Advice
{AI05-0136-1} Bounded tree objects should be implemented without implicit pointers
or dynamic allocation.
Implementation Advice: Bounded tree objects
should be implemented without implicit pointers or dynamic allocation.
{AI05-0136-1} The implementation advice for procedure Move to minimize copying does
not apply.
Implementation Advice: The implementation
advice for procedure Move to minimize copying does not apply to bounded
trees.
Extensions to Ada 2005
Inconsistencies With Ada 2012
{AI12-0111-1} Correction: Tampering
with elements is now defined to be equivalent to tampering with cursors
for bounded containers. If a program requires tampering detection to
work, it might fail in Ada 2022. Needless to say, this shouldn't happen
outside of test programs. See Inconsistencies With Ada 2012 in A.18.2
for more details.
Incompatibilities With Ada 2012
{AI12-0409-1} Correction: A bounded
tree now only has Preelaborable_Initialization (abbreviated PI in this
note) when the actual for the Element_Type has PI. If a program used
a tree whose actual Element_Type does not have PI in a context when PI
is required (such as a library-level object in a preelaborated unit or
as a component of a type with PI), the program would be illegal in Ada
2022 but legal in original Ada 2012. This situation is unlikely, especially
as some existing Ada 2012 implementations reject the instance in this
case.
Ada 2005 and 2012 Editions sponsored in part by Ada-Europe