[Ada] Check for container tampering

[Arnaud Charlet <charlet at adacore dot com>]

There are several operations that call the generic formal less-than
operator. In principle it is possible for the generic actual to tamper with the
elements of the container while the operation is in progress, but such behavior
would be undefined. AI05-0022 requires that the implementation detect when
container manipulation occurs through the generic formal operator, and to raise
Program_Error as necessary to prevent erroneous execution.

We do that here by incrementing the lock counters before any element
comparisons. If tamper-sensitive operations are called while the loop is
executing, the non-zero lock count will be detected and Program_Error raised.

The text of AI05-0022 can be found here:

http://www.ada-auth.org/cgi-bin/cvsweb.cgi/ai05s/ai05-0022-1.txt

Tested on x86_64-pc-linux-gnu, committed on trunk

2013-04-11  Matthew Heaney  <heaney@adacore.com>

	* a-crbtgk.adb (Ceiling, Find, Floor): Adjust locks
	before element comparisons.
	(Generic_Conditional_Insert, Generic_Conditional_Insert_With_Hint):
	Ditto.
	* a-crbtgo.adb, a-rbtgbo.adb (Generic_Equal): Adjust locks before
	element comparisons.
	* a-rbtgso.adb (Difference, Intersection): Adjust locks
	before element comparisons.
	(Is_Subset, Overlap): Ditto
	(Symmetric_Difference, Union): Ditto
	* a-btgbso.adb (Set_Difference, Set_Intersection): Adjust locks
	before element comparisons.
	(Set_Subset, Set_Overlap): Ditto
	(Set_Symmetric_Difference, Set_Union): Ditto
	* a-coorse.adb, a-ciorse.adb, a-cborse.adb
	(Update_Element_Preserving_Key): Adjust locks before element
	comparisons (Replace_Element): Ditto

Attachment: difs
Description: Text document