A.18.21 The Generic Package Containers.Bounded_Hashed_Maps
{
AI05-0001-1}
The language-defined generic package Containers.Bounded_Hashed_Maps
provides a private type Map and a set of operations. It provides the
same operations as the package Containers.Hashed_Maps (see
A.18.5),
with the difference that the maximum storage is bounded.
Static Semantics
{
AI05-0001-1}
The declaration of the generic library package Containers.Bounded_Hashed_Maps
has the same contents and semantics as Containers.Hashed_Maps except:
{
AI12-0112-1}
The aspect Preelaborate is replaced with aspect Pure. Aspect Global is
deleted.
The type Map is declared
with discriminants that specify both the capacity (number of elements)
and modulus (number of distinct hash values) of the hash table as follows:
{
AI12-0112-1}
type Map (Capacity : Count_Type;
Modulus : Hash_Type)
is tagged private...
Preelaborable_Initialization =>
Element_Type'Preelaborable_Initialization
and
Key_Type'Preelaborable_Initialization
The type Map needs finalization if and only if
type Key_Type or type Element_Type needs finalization.
Implementation Note: {
AI05-0212-1}
The type Map cannot depend on package Ada.Finalization unless the element
or key type depends on that package. The objects returned from the Iterator
and Reference functions probably do depend on package Ada.Finalization.
Restricted environments may need to avoid use of those functions and
their associated types.
{
AI12-0339-1}
In function Empty, the postcondition is altered to:
Post =>
Empty'Result.Capacity = Capacity and then
Empty'Result.Modulus = Default_Modulus (Capacity) and then
not Tampering_With_Elements_Prohibited (Empty'Result) and then
not Tampering_With_Cursors_Prohibited (Empty'Result) and then
Length (Empty'Result) = 0;
The description of
Reserve_Capacity is replaced with:
{
AI12-0112-1}
procedure Reserve_Capacity (Container :
in out Map;
Capacity :
in Count_Type)
with Pre => Capacity <= Container.Capacity
or else raise Capacity_Error;
{
AI12-0112-1}
This operation has no effect, [other than checking the precondition].
An additional operation
is added immediately following Reserve_Capacity:
function Default_Modulus (Capacity : Count_Type)
return Hash_Type;
Default_Modulus returns an implementation-defined
value for the number of distinct hash values to be used for the given
capacity (maximum number of elements).
{
AI12-0112-1}
For procedures Insert and Include, the part of the precondition reading:
(<some length> <= Count_Type'Last - <some other length>
or else raise Constraint_Error)
is replaced
by:
(<some length> <= Count_Type'Last - <some other length>
or else raise Constraint_Error) and then
(<some length> > Container.Capacity - <some other length>
or else raise Capacity_Error)
{
AI12-0112-1}
In procedure Assign, the precondition is altered to:
Pre => (not Tampering_With_Cursors_Prohibited (Target)
or else raise Program_Error) and then
(Length (Source) <= Target.Capacity
or else raise Capacity_Error),
The function Copy
is replaced with:
{
AI12-0112-1}
function Copy (Source : Map;
Capacity : Count_Type := 0;
Modulus : Hash_Type := 0)
return Map
with Pre => Capacity = 0
or else Capacity >= Length (Source)
or else raise Capacity_Error,
Post =>
Length (Copy'Result) = Length (Source)
and then
not Tampering_With_Elements_Prohibited (Copy'Result)
and then
not Tampering_With_Cursors_Prohibited (Copy'Result)
and then
Copy'Result.Capacity = (
if Capacity = 0
then
Length (Source)
else Capacity)
and then
Copy'Result.Modulus = (
if Modulus = 0
then
Default_Modulus (Capacity)
else Modulus);
{
AI05-0264-1}
Returns a map with key/element pairs initialized from the values in Source.
Bounded (Run-Time) Errors
{
AI05-0160-1}
{
AI05-0265-1}
It is a bounded error to assign from a bounded map
object while tampering with elements [or cursors] of that object is prohibited.
Either Program_Error is raised by the assignment, execution proceeds
with the target object prohibiting tampering with elements [or cursors],
or execution proceeds normally.
Proof: Tampering with elements includes
tampering with cursors, so we only really need to talk about tampering
with elements here; we mention cursors for clarity.
Erroneous Execution
{
AI05-0265-1}
When a bounded map object
M is finalized, if tampering with cursors
is prohibited for
M other than due to an assignment from another
map, then execution is erroneous.
Reason: This is a tampering event, but
since the implementation is not allowed to use Ada.Finalization, it is
not possible in a pure Ada implementation to detect this error. (There
is no Finalize routine that will be called that could make the check.)
Since the check probably cannot be made, the bad effects that could occur
(such as an iterator going into an infinite loop or accessing a nonexistent
element) cannot be prevented and we have to allow anything. We do allow
re-assigning an object that only prohibits tampering because it was copied
from another object as that cannot cause any negative effects.
Implementation Requirements
{
AI05-0184-1}
{
AI05-0264-1}
For each instance of Containers.Hashed_Maps and each instance of Containers.Bounded_Hashed_Maps,
if the two instances meet the following conditions, then the output generated
by the Map'Output or Map'Write subprograms of either instance shall be
readable by the Map'Input or Map'Read of the other instance, respectively:
{
AI05-0184-1}
{
AI05-0248-1}
the Element_Type parameters of the two instances are statically matching
subtypes of the same type; and
{
AI05-0184-1}
the output generated by Element_Type'Output or Element_Type'Write is
readable by Element_Type'Input or Element_Type'Read, respectively (where
Element_Type denotes the type of the two actual Element_Type parameters);
and
{
AI05-0184-1}
the preceding two conditions also hold for the Key_Type parameters of
the instances.
Implementation Advice
{
AI05-0001-1}
{
AI05-0269-1}
Bounded hashed map objects should be implemented without implicit pointers
or dynamic allocation.
Implementation Advice: Bounded hashed
map objects should be implemented without implicit pointers or dynamic
allocation.
{
AI05-0001-1}
The implementation advice for procedure Move to minimize copying does
not apply.
Implementation Advice: The implementation
advice for procedure Move to minimize copying does not apply to bounded
hashed maps.
Extensions to Ada 2005
Inconsistencies With Ada 2012
{
AI12-0111-1}
Correction: Tampering with elements is now
defined to be equivalent to tampering with cursors for bounded containers.
If a program requires tampering detection to work, it might fail in Ada
2022. Needless to say, this shouldn't happen outside of test programs.
See Inconsistencies With Ada 2012 in
A.18.2
for more details.
Incompatibilities With Ada 2012
{
AI12-0409-1}
Correction:A bounded map now only has Preelaborable_Initialization
(abbreviated PI in this note) when the actuals for the Element_Type and
the Key_Type have PI. If an program used a map whose actual Element_Type
or Key_Type does not have PI in a context when PI is required (such as
a library-level object in a preelaborated unit or as a component of a
type with PI), the program would be illegal in Ada 2022 but legal in
original Ada 2012. This situation is unlikely, especially as some existing
Ada 2012 implementations reject the instance in this case.
Ada 2005 and 2012 Editions sponsored in part by Ada-Europe
