Next: Controlling Elaboration in GNAT - External Calls, Previous: Controlling the Elaboration Order in Ada 95, Up: Elaboration Order Handling in GNAT
In the case of internal calls, i.e. calls within a single package, the programmer has full control over the order of elaboration, and it is up to the programmer to elaborate declarations in an appropriate order. For example writing:
function One return Float; Q : Float := One; function One return Float is begin return 1.0; end One; |
will obviously raise Program_Error
at run time, because function
One will be called before its body is elaborated. In this case GNAT will
generate a warning that the call will raise Program_Error
:
1. procedure y is 2. function One return Float; 3. 4. Q : Float := One; | >>> warning: cannot call "One" before body is elaborated >>> warning: Program_Error will be raised at run time 5. 6. function One return Float is 7. begin 8. return 1.0; 9. end One; 10. 11. begin 12. null; 13. end; |
Note that in this particular case, it is likely that the call is safe, because
the function One
does not access any global variables.
Nevertheless in Ada 95, we do not want the validity of the check to depend on
the contents of the body (think about the separate compilation case), so this
is still wrong, as we discussed in the previous sections.
The error is easily corrected by rearranging the declarations so that the body of One appears before the declaration containing the call (note that in Ada 95, declarations can appear in any order, so there is no restriction that would prevent this reordering, and if we write:
function One return Float; function One return Float is begin return 1.0; end One; Q : Float := One; |
then all is well, no warning is generated, and no
Program_Error
exception
will be raised.
Things are more complicated when a chain of subprograms is executed:
function A return Integer; function B return Integer; function C return Integer; function B return Integer is begin return A; end; function C return Integer is begin return B; end; X : Integer := C; function A return Integer is begin return 1; end; |
Now the call to C
at elaboration time in the declaration of X
is correct, because
the body of C
is already elaborated,
and the call to B
within the body of
C
is correct, but the call
to A
within the body of B
is incorrect, because the body
of A
has not been elaborated, so Program_Error
will be raised on the call to A
.
In this case GNAT will generate a
warning that Program_Error
may be
raised at the point of the call. Let's look at the warning:
1. procedure x is 2. function A return Integer; 3. function B return Integer; 4. function C return Integer; 5. 6. function B return Integer is begin return A; end; | >>> warning: call to "A" before body is elaborated may raise Program_Error >>> warning: "B" called at line 7 >>> warning: "C" called at line 9 7. function C return Integer is begin return B; end; 8. 9. X : Integer := C; 10. 11. function A return Integer is begin return 1; end; 12. 13. begin 14. null; 15. end; |
Note that the message here says “may raise”, instead of the direct case,
where the message says “will be raised”. That's because whether
A
is
actually called depends in general on run-time flow of control.
For example, if the body of B
said
function B return Integer is begin if some-condition-depending-on-input-data then return A; else return 1; end if; end B; |
then we could not know until run time whether the incorrect call to A would
actually occur, so Program_Error
might
or might not be raised. It is possible for a compiler to
do a better job of analyzing bodies, to
determine whether or not Program_Error
might be raised, but it certainly
couldn't do a perfect job (that would require solving the halting problem
and is provably impossible), and because this is a warning anyway, it does
not seem worth the effort to do the analysis. Cases in which it
would be relevant are rare.
In practice, warnings of either of the forms given above will usually correspond to real errors, and should be examined carefully and eliminated. In the rare case where a warning is bogus, it can be suppressed by any of the following methods:
Elaboration_Check
for the called subprogram
Warnings_Off
to turn warnings off for the call
For the internal elaboration check case,
GNAT by default generates the
necessary run-time checks to ensure
that Program_Error
is raised if any
call fails an elaboration check. Of course this can only happen if a
warning has been issued as described above. The use of pragma
Suppress (Elaboration_Check)
may (but is not guaranteed to) suppress
some of these checks, meaning that it may be possible (but is not
guaranteed) for a program to be able to call a subprogram whose body
is not yet elaborated, without raising a Program_Error
exception.