The Ada 95 Reference Manual has specific requirements for checking for invalid values. In particular, RM 13.9.1 requires that the evaluation of invalid values (for example from unchecked conversions), not result in erroneous execution. In GNAT, the result of such an evaluation in normal default mode is to either use the value unmodified, or to raise Constraint_Error in those cases where use of the unmodified value would cause erroneous execution. The cases where unmodified values might lead to erroneous execution are case statements (where a wild jump might result from an invalid value), and subscripts on the left hand side (where memory corruption could occur as a result of an invalid value).
The -gnatVx switch allows more control over the validity
x argument is a string of letters that
indicate validity checks that are performed or not performed in addition
to the default checks described above.
inshould be validity checked.
inmode parameters Arguments for parameters of mode
inare validity checked in function and procedure calls at the point of call.
in outmode parameters. Arguments for parameters of mode
in outare validity checked in procedure calls at the point of call. The
'm'here stands for modify, since this concerns parameters that can be modified by the call. Note that there is no specific option to test
outparameters, but any reference within the subprogram will be tested in the usual manner, and if an invalid value is copied back, any reference to it will be subject to validity checking.
Standard, the shift operators defined as intrinsic in package
Interfacesand operands for attributes such as
Pos. Checks are also made on individual component values for composite comparisons, and on the expressions in type conversions and qualified expressions.
returnstatements in functions is validity checked.
exitstatements are checked, as well as guard expressions in entry calls.
The -gnatV switch may be followed by
a string of letters
to turn on a series of validity checking options.
specifies that in addition to the default validity checking, copies and
function return expressions are to be validity checked.
In order to make it easier
to specify the desired combination of effects,
the upper case letters
be used to turn off the corresponding lower case option.
turns on all validity checking options except for
checking of in out procedure arguments.
The specification of additional validity checking generates extra code (and
in the case of -gnatVa the code expansion can be substantial.
However, these additional checks can be very useful in detecting
uninitialized variables, incorrect use of unchecked conversion, and other
errors leading to invalid values. The use of pragma
is useful in conjunction with the extra validity checking, since this
ensures that wherever possible uninitialized variables have invalid values.
See also the pragma
Validity_Checks which allows modification of
the validity checking mode at the program source level, and also allows for
temporary disabling of validity checks.