------------------------------------------------------------------------------ -- -- -- GNAT RUN-TIME LIBRARY (GNARL) COMPONENTS -- -- -- -- A D A . R E A L _ T I M E -- -- -- -- B o d y -- -- -- -- Copyright (C) 1991-2017, Florida State University -- -- Copyright (C) 1995-2019, AdaCore -- -- -- -- GNAT is free software; you can redistribute it and/or modify it under -- -- terms of the GNU General Public License as published by the Free Soft- -- -- ware Foundation; either version 3, or (at your option) any later ver- -- -- sion. GNAT is distributed in the hope that it will be useful, but WITH- -- -- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -- -- or FITNESS FOR A PARTICULAR PURPOSE. -- -- -- -- As a special exception under Section 7 of GPL version 3, you are granted -- -- additional permissions described in the GCC Runtime Library Exception, -- -- version 3.1, as published by the Free Software Foundation. -- -- -- -- You should have received a copy of the GNU General Public License and -- -- a copy of the GCC Runtime Library Exception along with this program; -- -- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see -- -- . -- -- -- -- GNARL was developed by the GNARL team at Florida State University. -- -- Extensive contributions were provided by Ada Core Technologies, Inc. -- -- -- ------------------------------------------------------------------------------ with System.Tasking; with Unchecked_Conversion; package body Ada.Real_Time with SPARK_Mode => Off is --------- -- "*" -- --------- -- Note that Constraint_Error may be propagated function "*" (Left : Time_Span; Right : Integer) return Time_Span is pragma Unsuppress (Overflow_Check); begin return Time_Span (Duration (Left) * Right); end "*"; function "*" (Left : Integer; Right : Time_Span) return Time_Span is pragma Unsuppress (Overflow_Check); begin return Time_Span (Left * Duration (Right)); end "*"; --------- -- "+" -- --------- -- Note that Constraint_Error may be propagated function "+" (Left : Time; Right : Time_Span) return Time is pragma Unsuppress (Overflow_Check); begin return Time (Duration (Left) + Duration (Right)); end "+"; function "+" (Left : Time_Span; Right : Time) return Time is pragma Unsuppress (Overflow_Check); begin return Time (Duration (Left) + Duration (Right)); end "+"; function "+" (Left, Right : Time_Span) return Time_Span is pragma Unsuppress (Overflow_Check); begin return Time_Span (Duration (Left) + Duration (Right)); end "+"; --------- -- "-" -- --------- -- Note that Constraint_Error may be propagated function "-" (Left : Time; Right : Time_Span) return Time is pragma Unsuppress (Overflow_Check); begin return Time (Duration (Left) - Duration (Right)); end "-"; function "-" (Left, Right : Time) return Time_Span is pragma Unsuppress (Overflow_Check); begin return Time_Span (Duration (Left) - Duration (Right)); end "-"; function "-" (Left, Right : Time_Span) return Time_Span is pragma Unsuppress (Overflow_Check); begin return Time_Span (Duration (Left) - Duration (Right)); end "-"; function "-" (Right : Time_Span) return Time_Span is pragma Unsuppress (Overflow_Check); begin return Time_Span_Zero - Right; end "-"; --------- -- "/" -- --------- -- Note that Constraint_Error may be propagated function "/" (Left, Right : Time_Span) return Integer is pragma Unsuppress (Overflow_Check); pragma Unsuppress (Division_Check); -- RM D.8 (27) specifies the effects of operators on Time_Span, and -- rounding of the division operator in particular, to be the same as -- effects on integer types. To get the correct rounding we first -- convert Time_Span to its root type Duration, which is represented as -- a 64-bit signed integer, and then use integer division. type Duration_Rep is range -(2 ** 63) .. +((2 ** 63 - 1)); function To_Integer is new Unchecked_Conversion (Duration, Duration_Rep); begin return Integer (To_Integer (Duration (Left)) / To_Integer (Duration (Right))); end "/"; function "/" (Left : Time_Span; Right : Integer) return Time_Span is pragma Unsuppress (Overflow_Check); pragma Unsuppress (Division_Check); begin -- Even though checks are unsuppressed, we need an explicit check for -- the case of largest negative integer divided by minus one, since -- some library routines we use fail to catch this case. This will be -- fixed at the compiler level in the future, at which point this test -- can be removed. if Left = Time_Span_First and then Right = -1 then raise Constraint_Error with "overflow"; end if; return Time_Span (Duration (Left) / Right); end "/"; ----------- -- Clock -- ----------- function Clock return Time is begin return Time (System.Task_Primitives.Operations.Monotonic_Clock); end Clock; ------------------ -- Microseconds -- ------------------ function Microseconds (US : Integer) return Time_Span is begin return Time_Span_Unit * US * 1_000; end Microseconds; ------------------ -- Milliseconds -- ------------------ function Milliseconds (MS : Integer) return Time_Span is begin return Time_Span_Unit * MS * 1_000_000; end Milliseconds; ------------- -- Minutes -- ------------- function Minutes (M : Integer) return Time_Span is begin return Milliseconds (M) * Integer'(60_000); end Minutes; ----------------- -- Nanoseconds -- ----------------- function Nanoseconds (NS : Integer) return Time_Span is begin return Time_Span_Unit * NS; end Nanoseconds; ------------- -- Seconds -- ------------- function Seconds (S : Integer) return Time_Span is begin return Milliseconds (S) * Integer'(1000); end Seconds; ----------- -- Split -- ----------- procedure Split (T : Time; SC : out Seconds_Count; TS : out Time_Span) is T_Val : Time; begin -- Special-case for Time_First, whose absolute value is anomalous, -- courtesy of two's complement. T_Val := (if T = Time_First then abs (Time_Last) else abs (T)); -- Extract the integer part of T, truncating towards zero SC := (if T_Val < 0.5 then 0 else Seconds_Count (Time_Span'(T_Val - 0.5))); if T < 0.0 then SC := -SC; end if; -- If original time is negative, need to truncate towards negative -- infinity, to make TS non-negative, as per ARM. if Time (SC) > T then SC := SC - 1; end if; TS := Time_Span (Duration (T) - Duration (SC)); end Split; ------------- -- Time_Of -- ------------- function Time_Of (SC : Seconds_Count; TS : Time_Span) return Time is pragma Suppress (Overflow_Check); pragma Suppress (Range_Check); -- We do all our own checks for this function -- This is not such a simple case, since TS is already 64 bits, and -- so we can't just promote everything to a wider type to ensure proper -- testing for overflow. The situation is that Seconds_Count is a MUCH -- wider type than Time_Span and Time (both of which have the underlying -- type Duration). -- <------------------- Seconds_Count --------------------> -- <-- Duration --> -- Now it is possible for an SC value outside the Duration range to -- be "brought back into range" by an appropriate TS value, but there -- are also clearly SC values that are completely out of range. Note -- that the above diagram is wildly out of scale, the difference in -- ranges is much greater than shown. -- We can't just go generating out of range Duration values to test for -- overflow, since Duration is a full range type, so we follow the steps -- shown below. SC_Lo : constant Seconds_Count := Seconds_Count (Duration (Time_Span_First) + Duration'(0.5)); SC_Hi : constant Seconds_Count := Seconds_Count (Duration (Time_Span_Last) - Duration'(0.5)); -- These are the maximum values of the seconds (integer) part of the -- Duration range. Used to compute and check the seconds in the result. TS_SC : Seconds_Count; -- Seconds part of input value TS_Fraction : Duration; -- Fractional part of input value, may be negative Result_SC : Seconds_Count; -- Seconds value for result Fudge : constant Seconds_Count := 10; -- Fudge value used to do end point checks far from end point FudgeD : constant Duration := Duration (Fudge); -- Fudge value as Duration Fudged_Result : Duration; -- Result fudged up or down by FudgeD procedure Out_Of_Range; pragma No_Return (Out_Of_Range); -- Raise exception for result out of range ------------------ -- Out_Of_Range -- ------------------ procedure Out_Of_Range is begin raise Constraint_Error with "result for Ada.Real_Time.Time_Of is out of range"; end Out_Of_Range; -- Start of processing for Time_Of begin -- If SC is so far out of range that there is no possibility of the -- addition of TS getting it back in range, raise an exception right -- away. That way we don't have to worry about SC values overflowing. if SC < 3 * SC_Lo or else SC > 3 * SC_Hi then Out_Of_Range; end if; -- Decompose input TS value TS_SC := Seconds_Count (Duration (TS)); TS_Fraction := Duration (TS) - Duration (TS_SC); -- Compute result seconds. If clearly out of range, raise error now Result_SC := SC + TS_SC; if Result_SC < (SC_Lo - 1) or else Result_SC > (SC_Hi + 1) then Out_Of_Range; end if; -- Now the result is simply Result_SC + TS_Fraction, but we can't just -- go computing that since it might be out of range. So what we do is -- to compute a value fudged down or up by 10.0 (arbitrary value, but -- that will do fine), and check that fudged value, and if in range -- unfudge it and return the result. -- Fudge positive result down, and check high bound if Result_SC > 0 then Fudged_Result := Duration (Result_SC - Fudge) + TS_Fraction; if Fudged_Result <= Duration'Last - FudgeD then return Time (Fudged_Result + FudgeD); else Out_Of_Range; end if; -- Same for negative values of seconds, fudge up and check low bound else Fudged_Result := Duration (Result_SC + Fudge) + TS_Fraction; if Fudged_Result >= Duration'First + FudgeD then return Time (Fudged_Result - FudgeD); else Out_Of_Range; end if; end if; end Time_Of; ----------------- -- To_Duration -- ----------------- function To_Duration (TS : Time_Span) return Duration is begin return Duration (TS); end To_Duration; ------------------ -- To_Time_Span -- ------------------ function To_Time_Span (D : Duration) return Time_Span is begin -- Note regarding AI-00432 requiring range checking on this conversion. -- In almost all versions of GNAT (and all to which this version of the -- Ada.Real_Time package apply), the range of Time_Span and Duration are -- the same, so there is no issue of overflow. return Time_Span (D); end To_Time_Span; begin -- Ensure that the tasking run time is initialized when using clock and/or -- delay operations. The initialization routine has the required machinery -- to prevent multiple calls to Initialize. System.Tasking.Initialize; end Ada.Real_Time;