diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3f4af6757..e081aa423 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -361,6 +361,7 @@ verification_apps: - "ping" - "dhcp_client" - "spdm_responder" + - "dccp" script: - *update_timestamps_of_generated_code - *setup_gnat diff --git a/Makefile b/Makefile index a3bea8e56..7eb40b8b3 100644 --- a/Makefile +++ b/Makefile @@ -167,6 +167,7 @@ test_compilation: $(MAKE) -C examples/apps/ping build $(MAKE) -C examples/apps/dhcp_client build $(MAKE) -C examples/apps/spdm_responder lib + $(MAKE) -C examples/apps/dccp build $(PYTEST) tests/compilation $(MAKE) -C tests/spark test NOPREFIX=1 $(MAKE) -C tests/spark clean @@ -334,6 +335,7 @@ clean: $(MAKE) -C examples/apps/ping clean $(MAKE) -C examples/apps/dhcp_client clean $(MAKE) -C examples/apps/spdm_responder clean + $(MAKE) -C examples/apps/dccp clean $(MAKE) -C doc/language_reference clean $(MAKE) -C doc/user_guide clean $(MAKE) -C ide/vscode clean diff --git a/examples/apps/dccp/Makefile b/examples/apps/dccp/Makefile index ff6481a2b..6b3040bda 100644 --- a/examples/apps/dccp/Makefile +++ b/examples/apps/dccp/Makefile @@ -1,11 +1,34 @@ +include ../../../Makefile.common + +SPECS = $(wildcard specs/*.rflx) +GENERATED = build/generated/rflx-dccp-packet.ads +BIN = build/obj/dccp_client build/obj/dccp_server +GRAPHS = graphs/DCCP_Option.svg graphs/DCCP_Packet.svg + .PHONY: test build prove generate clean -test: +test: $(BIN) + rflx validate --coverage -v tests/samples/valid -- $(SPECS) DCCP::Packet + tests/run -build: +build: $(BIN) -prove: +prove: $(GNATPROVE_CACHE_DIR) $(GENERATED) + $(GNATPROVE) -Pdccp -generate: +generate: $(GENERATED) $(GRAPHS) clean: + rm -rf build + +$(GENERATED): $(SPECS) | build/generated + rflx generate -d build/generated $^ + +build/generated: + mkdir -p build/generated + +$(BIN): $(GENERATED) $(wildcard build/generated/*) + gprbuild -Pdccp -Xgnat=$(GNAT) + +$(GRAPHS): $(SPECS) + rflx graph -d graphs $^ diff --git a/examples/apps/dccp/README.md b/examples/apps/dccp/README.md index c0cf74466..4bc77b97e 100644 --- a/examples/apps/dccp/README.md +++ b/examples/apps/dccp/README.md @@ -1,7 +1,5 @@ # DCCP -## Getting started - This project provides a simplified example set for a DCCP specification with a "client" and "server" application. Additional details about what each application does are described below. ## DCCP Server @@ -37,32 +35,32 @@ Once the client is running and prints out message status information, the server ## DCCP Specification -RecordFlux was used to generate the "DCCP specification" for this project. Note that the DCCP protocol was **NOT** implemented in its entirety. The core of the protocol is the **Generic Header**; a fairly simple implementation of this is implemented in RecordFlux. A small portion of **Additional Fields** and **Options** are also implemented so as to align with the Wireshark sample data set. Additionally, the **Application Data Area** of the protocol is lightly implemented here based on Wireshark data. +Note that the DCCP protocol was **NOT** implemented in its entirety. The core of the protocol is the **Generic Header**; a fairly simple implementation of this is implemented in RecordFlux. A small portion of **Additional Fields** and **Options** are also implemented so as to align with the Wireshark sample data set. Additionally, the **Application Data Area** of the protocol is lightly implemented here based on Wireshark data. -The DCCP Specification file is located in the **\specs** folder of each application. +The DCCP Specification file is located in the `specs` directory. -The message graph (generated from the specification file) is located in the **\out** folder of each application. This provides a visual graph of the message itself, which can be useful for understanding and/or message interpretation. +The message graph (generated from the specification file) is located in the `graphs` directory. This provides a visual graph of the message itself, which can be useful for understanding and/or message interpretation. ## HOWTO: Generate a Message Graph To generate a message graph using RecordFlux, locate the message spec and enter the following into the terminal window: -`rflx graph -d ./out dccp.rflx` +`rflx graph -d graphs specs/dccp.rflx` -For the above, **out** is the output directory for the graph and **dccp.rflx** is the spec file. +For the above, `graphs` is the output directory for the graph and `dccp.rflx` is the spec file. ## HOWTO: Generate Code Files from a Specification To generate code files for the RecordFlux specification, locate the message spec and enter the following into the terminal window: -`rflx generate -d ./generated/ dccp.rflx` +`rflx generate -d build/generated specs/dccp.rflx` -For the above, **generated** is the output directory for the generated code files and **dccp.rflx** is the spec file. +For the above, `build/generated` is the output directory for the generated code files and `dccp.rflx` is the spec file. ## HOWTO: Validate the Specification RecordFlux provides the ability to validate a message specification with real world files in a RAW format. To run validate and generate a corresponding report, locate the message spec and enter the following into the terminal window: -`rflx validate --coverage -v ./test/valid/ dccp.rflx DCCP::Header` +`rflx validate --coverage -v tests/samples/valid -- specs/dccp.rflx DCCP::Packet` -For the above, **./test/valid** is the folder in which "valid" sample RAW files are located and **dccp.rflx** is the spec file. +For the above, `tests/samples/valid` is the directory in which "valid" sample RAW files are located and `dccp.rflx` is the spec file. diff --git a/examples/apps/dccp/build.gpr b/examples/apps/dccp/build.gpr deleted file mode 100644 index 74337e69f..000000000 --- a/examples/apps/dccp/build.gpr +++ /dev/null @@ -1,28 +0,0 @@ -aggregate project Build is - - for Project_Files use ("dccp_client/dccp_client.gpr", "dccp_server/dccp_server.gpr"); - for Create_Missing_Dirs use "True"; - - Proof_Switches := - ( - "--prover=z3,cvc5,altergo,colibri", - "--steps=0", - "--timeout=300", - "--memlimit=5000", - "--checks-as-errors", - "--warnings=error", - "--function-sandboxing=off", - "--counterexamples=off", - "--output=oneline", - "-j0" - ); - - package Prove is - for Proof_Switches ("Ada") use Proof_Switches; - end Prove; - - package Builder is - for Global_Configuration_Pragmas use "common.adc"; - end Builder; - -end Build; diff --git a/examples/apps/dccp/dccp.gpr b/examples/apps/dccp/dccp.gpr new file mode 100644 index 000000000..857756fde --- /dev/null +++ b/examples/apps/dccp/dccp.gpr @@ -0,0 +1,43 @@ +with "../../../defaults"; + +project Build is + + for Languages use ("RecordFlux", "Ada"); + for Source_Dirs use ("src", "build/generated", "specs"); + for Object_Dir use "build/obj"; + for Create_Missing_Dirs use "True"; + for Main use ("dccp_client.adb", "dccp_server.adb"); + + package Builder is + for Default_Switches ("Ada") use Defaults.Builder_Switches; + for Global_Configuration_Pragmas use "common.adc"; + end Builder; + + package Compiler is + for Driver ("RecordFlux") use ""; + for Default_Switches ("Ada") use Defaults.Compiler_Switches; + end Compiler; + + package Binder is + for Default_Switches ("Ada") use Defaults.Binder_Switches; + end Binder; + + package Naming is + for Spec_Suffix ("RecordFlux") use ".rflx"; + end Naming; + + package RecordFlux is + for Output_Dir use "build/generated"; + end RecordFlux; + + package Prove is + for Proof_Switches ("Ada") use Defaults.Proof_Switches & + ( + "--prover=z3,cvc5,altergo,colibri" + ); + for Proof_Switches ("msg_write.adb") use ("--timeout=300", "--memlimit=5000"); + for Proof_Switches ("rflx-dccp-packet.adb") use ("--timeout=360", "--memlimit=5000"); + for Proof_Switches ("rflx-rflx_arithmetic.adb") use ("--timeout=120"); + end Prove; + +end Build; diff --git a/examples/apps/dccp/dccp_client/.gitignore b/examples/apps/dccp/dccp_client/.gitignore deleted file mode 100644 index 2bc64887d..000000000 --- a/examples/apps/dccp/dccp_client/.gitignore +++ /dev/null @@ -1 +0,0 @@ -**/obj/** \ No newline at end of file diff --git a/examples/apps/dccp/dccp_client/dccp_client.gpr b/examples/apps/dccp/dccp_client/dccp_client.gpr deleted file mode 100644 index ee18a1495..000000000 --- a/examples/apps/dccp/dccp_client/dccp_client.gpr +++ /dev/null @@ -1,25 +0,0 @@ -with "../defaults"; - -project DCCP_Client is - - for Languages use ("RecordFlux", "Ada"); - for Source_Dirs use ("src", "../rflx/generated", "../rflx/specs", "../common"); - for Object_Dir use "obj"; - for Create_Missing_Dirs use "True"; - for Main use ("dccp_client.adb"); - - package Compiler is - for Driver ("recordflux") use ""; - for Default_Switches("Ada") use Defaults.Compiler_Switches; - end Compiler; - - package Naming is - for Spec_Suffix ("recordflux") use ".rflx"; - end Naming; - - package Recordflux is - for Output_Dir use "../rflx/generated"; - end Recordflux; - -end DCCP_Client; - diff --git a/examples/apps/dccp/dccp_server/.gitignore b/examples/apps/dccp/dccp_server/.gitignore deleted file mode 100644 index 2bc64887d..000000000 --- a/examples/apps/dccp/dccp_server/.gitignore +++ /dev/null @@ -1 +0,0 @@ -**/obj/** \ No newline at end of file diff --git a/examples/apps/dccp/dccp_server/dccp_server.gpr b/examples/apps/dccp/dccp_server/dccp_server.gpr deleted file mode 100644 index 7369f7cbf..000000000 --- a/examples/apps/dccp/dccp_server/dccp_server.gpr +++ /dev/null @@ -1,24 +0,0 @@ -with "../defaults"; - -project DCCP_Server is - - for Languages use ("RecordFlux", "Ada"); - for Source_Dirs use ("../rflx/generated", "../rflx/specs", "src", "../common"); - for Object_Dir use "obj"; - for Create_Missing_Dirs use "True"; - for Main use ("dccp_server.adb"); - - package Compiler is - for Driver ("recordflux") use ""; - for Default_Switches ("Ada") use Defaults.Compiler_Switches; - end Compiler; - - package Naming is - for Spec_Suffix ("recordflux") use ".rflx"; - end Naming; - - package Recordflux is - for Output_Dir use "../rflx/generated"; - end Recordflux; - -end DCCP_Server; diff --git a/examples/apps/dccp/defaults.gpr b/examples/apps/dccp/defaults.gpr deleted file mode 100644 index 1d6bf1251..000000000 --- a/examples/apps/dccp/defaults.gpr +++ /dev/null @@ -1,152 +0,0 @@ -abstract project Defaults is - - type Build_Mode is ("strict", "asserts_enabled", "optimized"); - Mode : Build_Mode := external ("mode", "asserts_enabled"); - Cache := external ("GNATPROVE_CACHE", ""); - Procs := external ("GNATPROVE_PROCS", ""); - - Compiler_Variant := external ("gnat", ""); - - GNATVI := "-gnatVi"; - GNATVO := "-gnatVo"; - GNATEV := "-gnateV"; - GNATA := ""; -- "-gnata"; - - case Compiler_Variant is - when "community2020" => - GNATVI := ""; -- Eng/RecordFlux/Workarounds#43 - GNATA := ""; -- Eng/RecordFlux/Workarounds#49 - when "community2021" => - GNATA := ""; -- Eng/RecordFlux/Workarounds#49 - when "pro20.2" => - GNATVI := ""; -- Eng/RecordFlux/Workarounds#43 - GNATVO := ""; -- Eng/RecordFlux/Workarounds#23 - GNATEV := ""; -- Eng/RecordFlux/Workarounds#22 - GNATA := ""; -- Eng/RecordFlux/Workarounds#49 - when "pro21.2" | "pro22.2" => - GNATA := ""; -- Eng/RecordFlux/Workarounds#49 - when "fsf11.2.4" | "fsf12.1.2" => - GNATA := ""; -- Eng/RecordFlux/Workarounds#49 - when others => - end case; - - case Mode is - when "strict" | "optimized" => - GNATA := ""; - when "asserts_enabled" => - end case; - - Global_Configuration_Pragmas := "defaults_backward_compatible.adc"; - - case Compiler_Variant is - when "pro23.0w-20220508" | "pro23.0" | "pro23.1" | "pro23.2" => - Global_Configuration_Pragmas := "defaults.adc"; - when others => - end case; - - Cache_Switch := ""; - case Cache is - when "" => - null; - when others => - Cache_Switch := "--memcached-server=" & Cache; - end case; - - Procs_Switch := ""; - case Procs is - when "" => - Procs_Switch := "-j 0"; - when others => - Procs_Switch := "-j " & Procs; - end case; - - Proof_Switches := - ( - "--prover=z3,cvc4,altergo,colibri", - "--steps=0", - "--timeout=180", - "--memlimit=1500", - "--checks-as-errors", - "--warnings=error", - -- Eng/RecordFlux/RecordFlux#670 - -- "--proof-warnings", - "--function-sandboxing=off", - "--counterexamples=off", - Procs_Switch, - Cache_Switch - ); - - Builder_Switches := - ( - "-j0" - ); - - Compiler_Switches := - ( - "-gnatA", -- Avoid processing gnat.adc. If a gnat.adc file is present, it will be ignored. - "-gnatf", -- Full errors. Multiple errors per line, all undefined references, do not attempt to suppress cascaded errors. - "-gnatU", -- Tag all error messages with the unique string ‘error:’. - - -- Validity Checks - "-gnatVc", -- Validity checks for copies. - "-gnatVd", -- Default (RM) validity checks. - "-gnatVe", -- Validity checks for elementary components. - "-gnatVf", -- Validity checks for floating-point values. - GNATVI, -- Validity checks for ``in`` mode parameters. - "-gnatVm", -- Validity checks for ``in out`` mode parameters. - GNATVO, -- Validity checks for operator and attribute operands. - "-gnatVp", -- Validity checks for parameters. - "-gnatVr", -- Validity checks for function returns. - "-gnatVs", -- Validity checks for subscripts. - "-gnatVt", -- Validity checks for tests. - GNATEV, -- Check that all actual parameters of a subprogram call are valid according to the rules of validity checking (Validity Checking). - - -- Debugging - "-fstack-check", -- Activate stack checking. - "-g", -- Enable generation of debugging information. - GNATA, -- Enable assertions. - - -- Warnings - "-gnatwa", -- Activate most optional warnings. - "-gnatw.d", -- Activate tagging of warning and info messages. - "-gnatwe", -- Treat all run-time exception warnings as errors. - "-gnatwd", -- Activate warnings on implicit dereferencing. - -- Eng/RecordFlux/Workarounds#27 - -- "-gnatwh", -- Activate warnings on hiding. - "-gnatwt", -- Activate warnings for tracking of deleted conditional code. - "-gnatwQ", -- Suppress warnings on questionable missing parentheses. - - -- Style Checks - "-gnaty3", -- Specify indentation level. - "-gnatya", -- Check attribute casing. - "-gnatyA", -- Use of array index numbers in array attributes. - "-gnatyb", -- Blanks not allowed at statement end. - "-gnatyC", -- Check comments, single space. - "-gnatyd", -- Check no DOS line terminators present. - "-gnatye", -- Check end/exit labels. - "-gnatyf", -- No form feeds or vertical tabs. - "-gnatyh", -- No horizontal tabs. - "-gnatyi", -- Check if-then layout. - "-gnatyI", -- Check mode IN keywords. - "-gnatyk", -- Check keyword casing. - "-gnatyl", -- Check layout. - "-gnatyL9", -- Set maximum nesting level. - "-gnatyM120", -- Set maximum line length. - "-gnatyn", -- Check casing of entities in Standard. - "-gnatyO", -- Check that overriding subprograms are explicitly marked as such. - "-gnatyp", -- Check pragma casing. - "-gnatyr", -- Check references. - "-gnatyS", -- Check no statements after then/else. - "-gnatyt", -- Check token spacing. - "-gnatyu", -- Check unnecessary blank lines. - "-gnatyx", -- Check extra parentheses. - - "" - ); - - Binder_Switches := - ( - "-Es" - ); - -end Defaults; diff --git a/examples/apps/dccp/rflx/out/DCCP_Option.svg b/examples/apps/dccp/graphs/DCCP_Option.svg similarity index 100% rename from examples/apps/dccp/rflx/out/DCCP_Option.svg rename to examples/apps/dccp/graphs/DCCP_Option.svg diff --git a/examples/apps/dccp/rflx/out/DCCP_Packet.svg b/examples/apps/dccp/graphs/DCCP_Packet.svg similarity index 100% rename from examples/apps/dccp/rflx/out/DCCP_Packet.svg rename to examples/apps/dccp/graphs/DCCP_Packet.svg diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-option.adb b/examples/apps/dccp/rflx/generated/rflx-dccp-option.adb deleted file mode 100644 index 9ad2269bc..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-dccp-option.adb +++ /dev/null @@ -1,888 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma Warnings (Off, "redundant conversion"); -with RFLX.RFLX_Types.Operations; - -package body RFLX.DCCP.Option with - SPARK_Mode -is - - pragma Unevaluated_Use_Of_Old (Allow); - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) is - begin - Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last), Written_Last); - end Initialize; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) is - Buffer_First : constant RFLX_Types.Index := Buffer'First; - Buffer_Last : constant RFLX_Types.Index := Buffer'Last; - begin - Ctx := (Buffer_First, Buffer_Last, First, Last, First - 1, (if Written_Last = 0 then First - 1 else Written_Last), Buffer, (F_Option_Type => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); - Buffer := null; - end Initialize; - - procedure Reset (Ctx : in out Context) is - begin - Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer'First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer'Last)); - end Reset; - - procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) is - begin - Ctx := (Ctx.Buffer_First, Ctx.Buffer_Last, First, Last, First - 1, First - 1, Ctx.Buffer, (F_Option_Type => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); - end Reset; - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is - begin - Buffer := Ctx.Buffer; - Ctx.Buffer := null; - end Take_Buffer; - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is - begin - if Buffer'Length > 0 then - Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); - else - Buffer := Ctx.Buffer.all (1 .. 0); - end if; - end Copy; - - function Read (Ctx : Context) return RFLX_Types.Bytes is - (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); - - procedure Generic_Read (Ctx : Context) is - begin - Read (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); - end Generic_Read; - - procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) is - Length : RFLX_Types.Length; - begin - Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last)); - Write (Ctx.Buffer.all (Ctx.Buffer'First + RFLX_Types.Index (Offset + 1) - 1 .. Ctx.Buffer'Last), Length, Ctx.Buffer'Length, Offset); - pragma Assert (Length <= Ctx.Buffer.all'Length, "Length <= Buffer'Length is not ensured by postcondition of ""Write"""); - Ctx.Written_Last := RFLX_Types.Bit_Index'Max (Ctx.Written_Last, RFLX_Types.To_Last_Bit_Index (RFLX_Types.Length (Ctx.Buffer_First) + Offset + Length - 1)); - end Generic_Write; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is - begin - Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); - end Data; - - pragma Warnings (Off, "precondition is always False"); - - function Successor (Ctx : Context; Fld : Field) return Virtual_Field is - ((case Fld is - when F_Option_Type => - (if - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) - then - F_Final - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) - then - F_Option_Length - else - F_Initial), - when F_Option_Length => - (if - Ctx.Cursors (F_Option_Length).Value >= 4 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) - then - F_Elapsed_Time_Opt - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) - then - F_Loss_Event_Rate - elsif - Ctx.Cursors (F_Option_Length).Value >= 3 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) - then - F_NDP_Count_Opt - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) - then - F_Option_Feature - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) - then - F_Receive_Rate - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - F_Timestamp_Echo_Opt - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) - then - F_Timestamp_Option - else - F_Initial), - when F_Loss_Event_Rate | F_NDP_Count_Opt => - F_Final, - when F_Option_Feature => - (if - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R))) - and (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Feature).Value) < RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.FEATURE_RESERVED)) - or Ctx.Cursors (F_Option_Feature).Value > 255) - then - F_Final - elsif - True - then - F_Option_Value - else - F_Initial), - when F_Receive_Rate => - F_Final, - when F_Timestamp_Echo_Opt => - (if - Ctx.Cursors (F_Option_Length).Value >= 8 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - F_Elapsed_Time_Opt - else - F_Initial), - when F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt => - F_Final)) - with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and RFLX.DCCP.Option.Well_Formed (Ctx, Fld) - and RFLX.DCCP.Option.Valid_Predecessor (Ctx, Fld); - - pragma Warnings (On, "precondition is always False"); - - function Invalid_Successor (Ctx : Context; Fld : Field) return Boolean is - ((case Fld is - when F_Option_Type => - Invalid (Ctx.Cursors (F_Option_Length)), - when F_Option_Length => - Invalid (Ctx.Cursors (F_Elapsed_Time_Opt)) - and Invalid (Ctx.Cursors (F_Loss_Event_Rate)) - and Invalid (Ctx.Cursors (F_NDP_Count_Opt)) - and Invalid (Ctx.Cursors (F_Option_Feature)) - and Invalid (Ctx.Cursors (F_Receive_Rate)) - and Invalid (Ctx.Cursors (F_Timestamp_Echo_Opt)) - and Invalid (Ctx.Cursors (F_Timestamp_Option)), - when F_Loss_Event_Rate | F_NDP_Count_Opt => - True, - when F_Option_Feature => - Invalid (Ctx.Cursors (F_Option_Value)), - when F_Receive_Rate => - True, - when F_Timestamp_Echo_Opt => - Invalid (Ctx.Cursors (F_Elapsed_Time_Opt)), - when F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt => - True)); - - function Sufficient_Buffer_Length (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Buffer /= null - and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) < RFLX_Types.Bit_Length'Last - and Ctx.First <= Field_First (Ctx, Fld) - and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1 <= Ctx.Written_Last) - with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and RFLX.DCCP.Option.Valid_Next (Ctx, Fld); - - function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean is - (Sufficient_Buffer_Length (Ctx, Fld) - and then (case Fld is - when F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt => - Data'Length = RFLX_Types.To_Index (Field_Last (Ctx, Fld)) - RFLX_Types.To_Index (Field_First (Ctx, Fld)) + 1 - and then (for all I in RFLX_Types.Index range RFLX_Types.To_Index (Field_First (Ctx, Fld)) .. RFLX_Types.To_Index (Field_Last (Ctx, Fld)) => - Ctx.Buffer.all (I) = Data (Data'First + (I - RFLX_Types.To_Index (Field_First (Ctx, Fld))))), - when others => - False)); - - procedure Reset_Dependent_Fields (Ctx : in out Context; Fld : Field) with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld), - Post => - Valid_Next (Ctx, Fld) - and Invalid (Ctx.Cursors (Fld)) - and Invalid_Successor (Ctx, Fld) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Ctx.Cursors (Fld).Predecessor = Ctx.Cursors (Fld).Predecessor'Old - and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old - and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old - and Field_Size (Ctx, Fld) = Field_Size (Ctx, Fld)'Old - and (for all F in Field => - (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F) else Invalid (Ctx, F))) - is - First : constant RFLX_Types.Bit_Length := Field_First (Ctx, Fld) with - Ghost; - Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld) with - Ghost; - begin - pragma Assert (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - for Fld_Loop in reverse Field'Succ (Fld) .. Field'Last loop - Ctx.Cursors (Fld_Loop) := (S_Invalid, F_Final); - pragma Loop_Invariant (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - pragma Loop_Invariant ((for all F in Field => - (if F < Fld_Loop then Ctx.Cursors (F) = Ctx.Cursors'Loop_Entry (F) else Invalid (Ctx, F)))); - end loop; - pragma Assert (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - Ctx.Cursors (Fld) := (S_Invalid, Ctx.Cursors (Fld).Predecessor); - pragma Assert (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - end Reset_Dependent_Fields; - - function Composite_Field (Fld : Field) return Boolean is - (Fld in F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt); - - function Get (Ctx : Context; Fld : Field) return RFLX_Types.Base_Integer with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Option.Sufficient_Buffer_Length (Ctx, Fld) - and then not RFLX.DCCP.Option.Composite_Field (Fld) - is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, Fld); - Last : constant RFLX_Types.Bit_Index := Field_Last (Ctx, Fld); - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); - Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Last); - Offset : constant RFLX_Types.Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); - Size : constant Positive := (case Fld is - when F_Option_Type | F_Option_Length => - 8, - when F_Loss_Event_Rate => - 32, - when F_Option_Feature => - 8, - when F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => - 32, - when others => - Positive'Last); - Byte_Order : constant RFLX_Types.Byte_Order := RFLX_Types.High_Order_First; - begin - return RFLX_Types.Operations.Extract (Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Size, Byte_Order); - end Get; - - procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.Base_Integer; - begin - if - Invalid (Ctx.Cursors (Fld)) - and then Valid_Predecessor (Ctx, Fld) - and then Path_Condition (Ctx, Fld) - then - if Sufficient_Buffer_Length (Ctx, Fld) then - Value := (if Composite_Field (Fld) then 0 else Get (Ctx, Fld)); - if - Valid_Value (Fld, Value) - and then Field_Condition (Ctx, Fld, Value) - then - pragma Assert ((if - Fld = F_Elapsed_Time_Opt - or Fld = F_Loss_Event_Rate - or Fld = F_NDP_Count_Opt - or Fld = F_Option_Feature - or Fld = F_Option_Type - or Fld = F_Option_Value - or Fld = F_Receive_Rate - or Fld = F_Timestamp_Option - then - Field_Last (Ctx, Fld) mod RFLX_Types.Byte'Size = 0)); - pragma Assert ((((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); - Ctx.Verified_Last := ((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size; - pragma Assert (Field_Last (Ctx, Fld) <= Ctx.Verified_Last); - if Composite_Field (Fld) then - Ctx.Cursors (Fld) := (State => S_Well_Formed, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); - else - Ctx.Cursors (Fld) := (State => S_Valid, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); - end if; - Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); - else - Ctx.Cursors (Fld) := (State => S_Invalid, Predecessor => F_Final); - end if; - else - Ctx.Cursors (Fld) := (State => S_Incomplete, Predecessor => F_Final); - end if; - end if; - end Verify; - - procedure Verify_Message (Ctx : in out Context) is - begin - for F in Field loop - pragma Loop_Invariant (Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Loop_Entry - and Ctx.Buffer_Last = Ctx.Buffer_Last'Loop_Entry - and Ctx.First = Ctx.First'Loop_Entry - and Ctx.Last = Ctx.Last'Loop_Entry); - Verify (Ctx, F); - end loop; - end Verify_Message; - - function Get_NDP_Count_Opt (Ctx : Context) return RFLX_Types.Bytes is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).Last); - begin - return Ctx.Buffer.all (First .. Last); - end Get_NDP_Count_Opt; - - function Get_Option_Value (Ctx : Context) return RFLX_Types.Bytes is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).Last); - begin - return Ctx.Buffer.all (First .. Last); - end Get_Option_Value; - - function Get_Elapsed_Time_Opt (Ctx : Context) return RFLX_Types.Bytes is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).Last); - begin - return Ctx.Buffer.all (First .. Last); - end Get_Elapsed_Time_Opt; - - procedure Get_NDP_Count_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).Last); - begin - Data := (others => RFLX_Types.Byte'First); - Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); - end Get_NDP_Count_Opt; - - procedure Get_Option_Value (Ctx : Context; Data : out RFLX_Types.Bytes) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).Last); - begin - Data := (others => RFLX_Types.Byte'First); - Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); - end Get_Option_Value; - - procedure Get_Elapsed_Time_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).Last); - begin - Data := (others => RFLX_Types.Byte'First); - Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); - end Get_Elapsed_Time_Opt; - - procedure Generic_Get_NDP_Count_Opt (Ctx : Context) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).Last); - begin - Process_NDP_Count_Opt (Ctx.Buffer.all (First .. Last)); - end Generic_Get_NDP_Count_Opt; - - procedure Generic_Get_Option_Value (Ctx : Context) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).Last); - begin - Process_Option_Value (Ctx.Buffer.all (First .. Last)); - end Generic_Get_Option_Value; - - procedure Generic_Get_Elapsed_Time_Opt (Ctx : Context) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).Last); - begin - Process_Elapsed_Time_Opt (Ctx.Buffer.all (First .. Last)); - end Generic_Get_Elapsed_Time_Opt; - - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Option.Valid_Value (Fld, Val) - and then RFLX.DCCP.Option.Valid_Size (Ctx, Fld, Size) - and then Size <= RFLX.DCCP.Option.Available_Space (Ctx, Fld) - and then (if RFLX.DCCP.Option.Composite_Field (Fld) then Size mod RFLX_Types.Byte'Size = 0 else State_Valid), - Post => - Valid_Next (Ctx, Fld) - and then Invalid_Successor (Ctx, Fld) - and then Buffer_First = RFLX_Types.To_Index (Field_First (Ctx, Fld)) - and then Buffer_Last = RFLX_Types.To_Index (Field_First (Ctx, Fld) + Size - 1) - and then Offset = RFLX_Types.Offset ((RFLX_Types.Byte'Size - (Field_First (Ctx, Fld) + Size - 1) mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size) - and then Ctx.Buffer_First = Ctx.Buffer_First'Old - and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and then Ctx.First = Ctx.First'Old - and then Ctx.Last = Ctx.Last'Old - and then Ctx.Buffer_First = Ctx.Buffer_First'Old - and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and then Ctx.First = Ctx.First'Old - and then Ctx.Last = Ctx.Last'Old - and then Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old - and then Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old - and then Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old - and then Sufficient_Space (Ctx, Fld) - and then (if State_Valid and Size > 0 then Valid (Ctx, Fld) else Well_Formed (Ctx, Fld)) - and then (case Fld is - when F_Option_Type => - Get_Option_Type (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) - then - Predecessor (Ctx, F_Option_Length) = F_Option_Type - and Valid_Next (Ctx, F_Option_Length)) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Option_Length => - Get_Option_Length (Ctx) = To_Actual (Val) - and (if - Get_Option_Length (Ctx) >= 4 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) - then - Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Option_Length - and Valid_Next (Ctx, F_Elapsed_Time_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) - then - Predecessor (Ctx, F_Loss_Event_Rate) = F_Option_Length - and Valid_Next (Ctx, F_Loss_Event_Rate)) - and (if - Get_Option_Length (Ctx) >= 3 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) - then - Predecessor (Ctx, F_NDP_Count_Opt) = F_Option_Length - and Valid_Next (Ctx, F_NDP_Count_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) - then - Predecessor (Ctx, F_Option_Feature) = F_Option_Length - and Valid_Next (Ctx, F_Option_Feature)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) - then - Predecessor (Ctx, F_Receive_Rate) = F_Option_Length - and Valid_Next (Ctx, F_Receive_Rate)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - Predecessor (Ctx, F_Timestamp_Echo_Opt) = F_Option_Length - and Valid_Next (Ctx, F_Timestamp_Echo_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) - then - Predecessor (Ctx, F_Timestamp_Option) = F_Option_Length - and Valid_Next (Ctx, F_Timestamp_Option)), - when F_Loss_Event_Rate => - Get_Loss_Event_Rate (Ctx) = To_Actual (Val) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_NDP_Count_Opt => - (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Option_Feature => - Get_Option_Feature (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Option_Value) = F_Option_Feature - and Valid_Next (Ctx, F_Option_Value)) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Receive_Rate => - Get_Receive_Rate (Ctx) = To_Actual (Val) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Timestamp_Echo_Opt => - Get_Timestamp_Echo_Opt (Ctx) = To_Actual (Val) - and (if - Get_Option_Length (Ctx) >= 8 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Timestamp_Echo_Opt - and Valid_Next (Ctx, F_Elapsed_Time_Opt)), - when F_Timestamp_Option => - Get_Timestamp_Option (Ctx) = To_Actual (Val) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Option_Value | F_Elapsed_Time_Opt => - (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) - and then (for all F in Field => - (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) - is - First : RFLX_Types.Bit_Index; - Last : RFLX_Types.Bit_Length; - begin - Reset_Dependent_Fields (Ctx, Fld); - First := Field_First (Ctx, Fld); - Last := Field_First (Ctx, Fld) + Size - 1; - Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); - Buffer_First := RFLX_Types.To_Index (First); - Buffer_Last := RFLX_Types.To_Index (Last); - pragma Assert ((((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size, Written_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - pragma Assert (Size = (case Fld is - when F_Option_Type | F_Option_Length => - 8, - when F_Loss_Event_Rate => - 32, - when F_NDP_Count_Opt => - RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16, - when F_Option_Feature => - 8, - when F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => - 32, - when F_Option_Value => - 8, - when F_Elapsed_Time_Opt => - (if - Ctx.Cursors (Fld).Predecessor = F_Option_Length - and then (Ctx.Cursors (F_Option_Length).Value >= 4 - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16 - elsif - Ctx.Cursors (Fld).Predecessor = F_Timestamp_Echo_Opt - and then (Ctx.Cursors (F_Option_Length).Value >= 8 - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO))) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 48 - else - RFLX_Types.Unreachable))); - if State_Valid then - Ctx.Cursors (Fld) := (State => S_Valid, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); - else - Ctx.Cursors (Fld) := (State => S_Well_Formed, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); - end if; - Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); - pragma Assert (Last = (Field_First (Ctx, Fld) + Size) - 1); - end Set; - - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) - and then Fld in F_Option_Type | F_Option_Length | F_Loss_Event_Rate | F_Option_Feature | F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option - and then RFLX.DCCP.Option.Valid_Value (Fld, Val) - and then RFLX.DCCP.Option.Valid_Size (Ctx, Fld, RFLX.DCCP.Option.Field_Size (Ctx, Fld)) - and then RFLX.DCCP.Option.Available_Space (Ctx, Fld) >= RFLX.DCCP.Option.Field_Size (Ctx, Fld) - and then RFLX.DCCP.Option.Field_Size (Ctx, Fld) in 1 .. RFLX_Types.Base_Integer'Size - and then RFLX_Types.Fits_Into (Val, Natural (RFLX.DCCP.Option.Field_Size (Ctx, Fld))), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, Fld) - and Invalid_Successor (Ctx, Fld) - and (case Fld is - when F_Option_Type => - Get_Option_Type (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) - then - Predecessor (Ctx, F_Option_Length) = F_Option_Type - and Valid_Next (Ctx, F_Option_Length)) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Option_Length => - Get_Option_Length (Ctx) = To_Actual (Val) - and (if - Get_Option_Length (Ctx) >= 4 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) - then - Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Option_Length - and Valid_Next (Ctx, F_Elapsed_Time_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) - then - Predecessor (Ctx, F_Loss_Event_Rate) = F_Option_Length - and Valid_Next (Ctx, F_Loss_Event_Rate)) - and (if - Get_Option_Length (Ctx) >= 3 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) - then - Predecessor (Ctx, F_NDP_Count_Opt) = F_Option_Length - and Valid_Next (Ctx, F_NDP_Count_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) - then - Predecessor (Ctx, F_Option_Feature) = F_Option_Length - and Valid_Next (Ctx, F_Option_Feature)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) - then - Predecessor (Ctx, F_Receive_Rate) = F_Option_Length - and Valid_Next (Ctx, F_Receive_Rate)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - Predecessor (Ctx, F_Timestamp_Echo_Opt) = F_Option_Length - and Valid_Next (Ctx, F_Timestamp_Echo_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) - then - Predecessor (Ctx, F_Timestamp_Option) = F_Option_Length - and Valid_Next (Ctx, F_Timestamp_Option)), - when F_Loss_Event_Rate => - Get_Loss_Event_Rate (Ctx) = To_Actual (Val) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_NDP_Count_Opt => - (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Option_Feature => - Get_Option_Feature (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Option_Value) = F_Option_Feature - and Valid_Next (Ctx, F_Option_Value)) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Receive_Rate => - Get_Receive_Rate (Ctx) = To_Actual (Val) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Timestamp_Echo_Opt => - Get_Timestamp_Echo_Opt (Ctx) = To_Actual (Val) - and (if - Get_Option_Length (Ctx) >= 8 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Timestamp_Echo_Opt - and Valid_Next (Ctx, F_Elapsed_Time_Opt)), - when F_Timestamp_Option => - Get_Timestamp_Option (Ctx) = To_Actual (Val) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), - when F_Option_Value | F_Elapsed_Time_Opt => - (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) - and (for all F in Field => - (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old - and Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old - and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old - is - Buffer_First, Buffer_Last : RFLX_Types.Index; - Offset : RFLX_Types.Offset; - Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); - begin - Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); - RFLX_Types.Lemma_Size (Val, Positive (Size)); - RFLX_Types.Operations.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); - end Set_Scalar; - - procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.DCCP.Opt_Type) is - begin - Set_Scalar (Ctx, F_Option_Type, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Option_Type; - - procedure Set_Option_Length (Ctx : in out Context; Val : RFLX.DCCP.Option_Length_Type) is - begin - Set_Scalar (Ctx, F_Option_Length, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Option_Length; - - procedure Set_Loss_Event_Rate (Ctx : in out Context; Val : RFLX.DCCP.Loss_Rate_Type) is - begin - Set_Scalar (Ctx, F_Loss_Event_Rate, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Loss_Event_Rate; - - procedure Set_Option_Feature (Ctx : in out Context; Val : RFLX.DCCP.Option_Feature_Type) is - begin - Set_Scalar (Ctx, F_Option_Feature, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Option_Feature; - - procedure Set_Receive_Rate (Ctx : in out Context; Val : RFLX.DCCP.Receive_Rate_Type) is - begin - Set_Scalar (Ctx, F_Receive_Rate, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Receive_Rate; - - procedure Set_Timestamp_Echo_Opt (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Echo_Option_Type) is - begin - Set_Scalar (Ctx, F_Timestamp_Echo_Opt, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Timestamp_Echo_Opt; - - procedure Set_Timestamp_Option (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Option_Type) is - begin - Set_Scalar (Ctx, F_Timestamp_Option, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Timestamp_Option; - - procedure Initialize_NDP_Count_Opt_Private (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt)) >= Length - and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) mod RFLX_Types.Byte'Size = 1, - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_NDP_Count_Opt) - and Field_Size (Ctx, F_NDP_Count_Opt) = RFLX_Types.To_Bit_Length (Length) - and Ctx.Verified_Last = Field_Last (Ctx, F_NDP_Count_Opt) - and Invalid (Ctx, F_Option_Feature) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old - and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old - is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_NDP_Count_Opt); - Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_NDP_Count_Opt) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; - begin - pragma Assert (Last mod RFLX_Types.Byte'Size = 0); - Reset_Dependent_Fields (Ctx, F_NDP_Count_Opt); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - Ctx.Cursors (F_NDP_Count_Opt) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_NDP_Count_Opt).Predecessor); - Ctx.Cursors (Successor (Ctx, F_NDP_Count_Opt)) := (State => S_Invalid, Predecessor => F_NDP_Count_Opt); - end Initialize_NDP_Count_Opt_Private; - - procedure Initialize_NDP_Count_Opt (Ctx : in out Context) is - begin - Initialize_NDP_Count_Opt_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_NDP_Count_Opt))); - end Initialize_NDP_Count_Opt; - - procedure Initialize_Option_Value_Private (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Option_Value, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value)) >= Length - and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_Option_Value) mod RFLX_Types.Byte'Size = 1, - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Option_Value) - and Field_Size (Ctx, F_Option_Value) = RFLX_Types.To_Bit_Length (Length) - and Ctx.Verified_Last = Field_Last (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old - and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old - and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old - is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Option_Value); - Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Option_Value) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; - begin - pragma Assert (Last mod RFLX_Types.Byte'Size = 0); - Reset_Dependent_Fields (Ctx, F_Option_Value); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - Ctx.Cursors (F_Option_Value) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Option_Value).Predecessor); - Ctx.Cursors (Successor (Ctx, F_Option_Value)) := (State => S_Invalid, Predecessor => F_Option_Value); - end Initialize_Option_Value_Private; - - procedure Initialize_Option_Value (Ctx : in out Context) is - begin - Initialize_Option_Value_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_Option_Value))); - end Initialize_Option_Value; - - procedure Initialize_Elapsed_Time_Opt_Private (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt)) >= Length - and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) mod RFLX_Types.Byte'Size = 1, - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Elapsed_Time_Opt) - and Field_Size (Ctx, F_Elapsed_Time_Opt) = RFLX_Types.To_Bit_Length (Length) - and Ctx.Verified_Last = Field_Last (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old - and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old - is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Elapsed_Time_Opt); - Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Elapsed_Time_Opt) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; - begin - pragma Assert (Last mod RFLX_Types.Byte'Size = 0); - Reset_Dependent_Fields (Ctx, F_Elapsed_Time_Opt); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - Ctx.Cursors (F_Elapsed_Time_Opt) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Elapsed_Time_Opt).Predecessor); - Ctx.Cursors (Successor (Ctx, F_Elapsed_Time_Opt)) := (State => S_Invalid, Predecessor => F_Elapsed_Time_Opt); - end Initialize_Elapsed_Time_Opt_Private; - - procedure Initialize_Elapsed_Time_Opt (Ctx : in out Context) is - begin - Initialize_Elapsed_Time_Opt_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_Elapsed_Time_Opt))); - end Initialize_Elapsed_Time_Opt; - - procedure Set_NDP_Count_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) is - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_NDP_Count_Opt)); - Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; - begin - Initialize_NDP_Count_Opt_Private (Ctx, Data'Length); - pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_NDP_Count_Opt))); - Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; - pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_NDP_Count_Opt)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_NDP_Count_Opt))) = Data); - end Set_NDP_Count_Opt; - - procedure Set_Option_Value (Ctx : in out Context; Data : RFLX_Types.Bytes) is - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_Option_Value)); - Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; - begin - Initialize_Option_Value_Private (Ctx, Data'Length); - pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_Option_Value))); - Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; - pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_Option_Value)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_Option_Value))) = Data); - end Set_Option_Value; - - procedure Set_Elapsed_Time_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) is - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_Elapsed_Time_Opt)); - Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; - begin - Initialize_Elapsed_Time_Opt_Private (Ctx, Data'Length); - pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_Elapsed_Time_Opt))); - Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; - pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_Elapsed_Time_Opt)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_Elapsed_Time_Opt))) = Data); - end Set_Elapsed_Time_Opt; - - procedure Generic_Set_NDP_Count_Opt (Ctx : in out Context; Length : RFLX_Types.Length) is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_NDP_Count_Opt); - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); - Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); - begin - Process_NDP_Count_Opt (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); - Initialize_NDP_Count_Opt_Private (Ctx, Length); - end Generic_Set_NDP_Count_Opt; - - procedure Generic_Set_Option_Value (Ctx : in out Context; Length : RFLX_Types.Length) is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Option_Value); - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); - Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); - begin - Process_Option_Value (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); - Initialize_Option_Value_Private (Ctx, Length); - end Generic_Set_Option_Value; - - procedure Generic_Set_Elapsed_Time_Opt (Ctx : in out Context; Length : RFLX_Types.Length) is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Elapsed_Time_Opt); - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); - Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); - begin - Process_Elapsed_Time_Opt (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); - Initialize_Elapsed_Time_Opt_Private (Ctx, Length); - end Generic_Set_Elapsed_Time_Opt; - -end RFLX.DCCP.Option; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-option.ads b/examples/apps/dccp/rflx/generated/rflx-dccp-option.ads deleted file mode 100644 index d6ce5543d..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-dccp-option.ads +++ /dev/null @@ -1,1559 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma Warnings (Off, "redundant conversion"); -with RFLX.RFLX_Types; - -package RFLX.DCCP.Option with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - pragma Warnings (Off, "use clause for type ""Base_Integer"" * has no effect"); - - pragma Warnings (Off, "use clause for type ""Bytes"" * has no effect"); - - pragma Warnings (Off, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); - - pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); - - use type RFLX_Types.Bytes; - - use type RFLX_Types.Byte; - - use type RFLX_Types.Bytes_Ptr; - - use type RFLX_Types.Length; - - use type RFLX_Types.Index; - - use type RFLX_Types.Bit_Index; - - use type RFLX_Types.Base_Integer; - - use type RFLX_Types.Offset; - - pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - - pragma Warnings (On, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); - - pragma Warnings (On, "use clause for type ""Base_Integer"" * has no effect"); - - pragma Warnings (On, "use clause for type ""Bytes"" * has no effect"); - - pragma Unevaluated_Use_Of_Old (Allow); - - type Virtual_Field is (F_Initial, F_Option_Type, F_Option_Length, F_Loss_Event_Rate, F_NDP_Count_Opt, F_Option_Feature, F_Receive_Rate, F_Timestamp_Echo_Opt, F_Timestamp_Option, F_Option_Value, F_Elapsed_Time_Opt, F_Final); - - subtype Field is Virtual_Field range F_Option_Type .. F_Elapsed_Time_Opt; - - type Field_Cursor is private with - Default_Initial_Condition => - False; - - type Field_Cursors is private with - Default_Initial_Condition => - False; - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with - Default_Initial_Condition => - RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last < RFLX_Types.Bit_Index'Last - and First rem RFLX_Types.Byte'Size = 1 - and Last rem RFLX_Types.Byte'Size = 0; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) with - Pre => - not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last - and then (Written_Last = 0 - or (Written_Last >= RFLX_Types.To_First_Bit_Index (Buffer'First) - 1 - and Written_Last <= RFLX_Types.To_Last_Bit_Index (Buffer'Last))) - and then Written_Last mod RFLX_Types.Byte'Size = 0, - Post => - Has_Buffer (Ctx) - and Buffer = null - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) - and Initialized (Ctx), - Depends => - (Ctx => (Buffer, Written_Last), Buffer => null); - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) with - Pre => - not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last - and then RFLX_Types.To_Index (First) >= Buffer'First - and then RFLX_Types.To_Index (Last) <= Buffer'Last - and then First <= Last + 1 - and then Last < RFLX_Types.Bit_Index'Last - and then First rem RFLX_Types.Byte'Size = 1 - and then Last rem RFLX_Types.Byte'Size = 0 - and then (Written_Last = 0 - or (Written_Last >= First - 1 - and Written_Last <= Last)) - and then Written_Last rem RFLX_Types.Byte'Size = 0, - Post => - Buffer = null - and Has_Buffer (Ctx) - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = First - and Ctx.Last = Last - and Initialized (Ctx), - Depends => - (Ctx => (Buffer, First, Last, Written_Last), Buffer => null); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Initialized (Ctx : Context) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - procedure Reset (Ctx : in out Context) with - Pre => - not Ctx'Constrained - and RFLX.DCCP.Option.Has_Buffer (Ctx), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) - and Initialized (Ctx); - - procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with - Pre => - not Ctx'Constrained - and RFLX.DCCP.Option.Has_Buffer (Ctx) - and RFLX_Types.To_Index (First) >= Ctx.Buffer_First - and RFLX_Types.To_Index (Last) <= Ctx.Buffer_Last - and First <= Last + 1 - and Last < RFLX_Types.Bit_Length'Last - and First rem RFLX_Types.Byte'Size = 1 - and Last rem RFLX_Types.Byte'Size = 0, - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = First - and Ctx.Last = Last - and Initialized (Ctx); - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx), - Post => - not Has_Buffer (Ctx) - and Buffer /= null - and Ctx.Buffer_First = Buffer'First - and Ctx.Buffer_Last = Buffer'Last - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Context_Cursors (Ctx) = Context_Cursors (Ctx)'Old, - Depends => - (Ctx => Ctx, Buffer => Ctx); - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed_Message (Ctx) - and then RFLX.DCCP.Option.Byte_Size (Ctx) = Buffer'Length; - - function Read (Ctx : Context) return RFLX_Types.Bytes with - Ghost, - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed_Message (Ctx); - - pragma Warnings (Off, "formal parameter ""*"" is not referenced"); - - pragma Warnings (Off, "unused variable ""*"""); - - function Always_Valid (Buffer : RFLX_Types.Bytes) return Boolean is - (True); - - pragma Warnings (On, "unused variable ""*"""); - - pragma Warnings (On, "formal parameter ""*"" is not referenced"); - - generic - with procedure Read (Buffer : RFLX_Types.Bytes); - with function Pre (Buffer : RFLX_Types.Bytes) return Boolean is Always_Valid; - procedure Generic_Read (Ctx : Context) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed_Message (Ctx) - and then Pre (Read (Ctx)); - - pragma Warnings (Off, "formal parameter ""*"" is not referenced"); - - pragma Warnings (Off, "unused variable ""*"""); - - function Always_Valid (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is - (True); - - pragma Warnings (On, "unused variable ""*"""); - - pragma Warnings (On, "formal parameter ""*"" is not referenced"); - - generic - with procedure Write (Buffer : out RFLX_Types.Bytes; Length : out RFLX_Types.Length; Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length); - with function Pre (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is Always_Valid; - procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then Offset < RFLX.DCCP.Option.Buffer_Length (Ctx) - and then Pre (RFLX.DCCP.Option.Buffer_Length (Ctx), Offset), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Initialized (Ctx); - - function Has_Buffer (Ctx : Context) return Boolean; - - function Buffer_Length (Ctx : Context) return RFLX_Types.Length with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx); - - function Size (Ctx : Context) return RFLX_Types.Bit_Length with - Post => - Size'Result rem RFLX_Types.Byte'Size = 0; - - function Byte_Size (Ctx : Context) return RFLX_Types.Length; - - function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed_Message (Ctx); - - function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed_Message (Ctx) - and then Data'Length = RFLX.DCCP.Option.Byte_Size (Ctx); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Path_Condition (Ctx : Context; Fld : Field) return Boolean with - Pre => - RFLX.DCCP.Option.Valid_Predecessor (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Predecessor (Ctx, Fld) - and then RFLX.DCCP.Option.Valid_Value (Fld, Val) - and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Option.Sufficient_Space (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld), - Post => - (case Fld is - when F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt => - Field_Size'Result rem RFLX_Types.Byte'Size = 0, - when others => - True); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Option.Sufficient_Space (Ctx, Fld), - Post => - (case Fld is - when F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt => - Field_Last'Result rem RFLX_Types.Byte'Size = 0, - when others => - True); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - function Valid_Next (Ctx : Context; Fld : Field) return Boolean; - - function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld); - - function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld); - - function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and RFLX.DCCP.Option.Valid_Next (Ctx, Fld); - - procedure Verify (Ctx : in out Context; Fld : Field) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old; - - procedure Verify_Message (Ctx : in out Context) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old; - - function Present (Ctx : Context; Fld : Field) return Boolean; - - function Well_Formed (Ctx : Context; Fld : Field) return Boolean; - - function Valid (Ctx : Context; Fld : Field) return Boolean with - Post => - (if Valid'Result then Well_Formed (Ctx, Fld) and Present (Ctx, Fld)); - - function Incomplete (Ctx : Context; Fld : Field) return Boolean; - - function Invalid (Ctx : Context; Fld : Field) return Boolean; - - function Well_Formed_Message (Ctx : Context) return Boolean with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx); - - function Valid_Message (Ctx : Context) return Boolean with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Incomplete_Message (Ctx : Context) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "precondition is always False"); - - function Get_Option_Type (Ctx : Context) return RFLX.DCCP.Opt_Type with - Pre => - RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Option_Type); - - function Get_Option_Length (Ctx : Context) return RFLX.DCCP.Option_Length_Type with - Pre => - RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Option_Length); - - function Get_Loss_Event_Rate (Ctx : Context) return RFLX.DCCP.Loss_Rate_Type with - Pre => - RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate); - - function Get_Option_Feature (Ctx : Context) return RFLX.DCCP.Option_Feature_Type with - Pre => - RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Option_Feature); - - function Get_Receive_Rate (Ctx : Context) return RFLX.DCCP.Receive_Rate_Type with - Pre => - RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Receive_Rate); - - function Get_Timestamp_Echo_Opt (Ctx : Context) return RFLX.DCCP.Timestamp_Echo_Option_Type with - Pre => - RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt); - - function Get_Timestamp_Option (Ctx : Context) return RFLX.DCCP.Timestamp_Option_Type with - Pre => - RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Timestamp_Option); - - pragma Warnings (On, "precondition is always False"); - - function Get_NDP_Count_Opt (Ctx : Context) return RFLX_Types.Bytes with - Ghost, - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt), - Post => - Get_NDP_Count_Opt'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_NDP_Count_Opt)); - - function Get_Option_Value (Ctx : Context) return RFLX_Types.Bytes with - Ghost, - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value), - Post => - Get_Option_Value'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_Option_Value)); - - function Get_Elapsed_Time_Opt (Ctx : Context) return RFLX_Types.Bytes with - Ghost, - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt), - Post => - Get_Elapsed_Time_Opt'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_Elapsed_Time_Opt)); - - procedure Get_NDP_Count_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt)), - Post => - Equal (Ctx, F_NDP_Count_Opt, Data); - - procedure Get_Option_Value (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value)), - Post => - Equal (Ctx, F_Option_Value, Data); - - procedure Get_Elapsed_Time_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt)), - Post => - Equal (Ctx, F_Elapsed_Time_Opt, Data); - - generic - with procedure Process_NDP_Count_Opt (NDP_Count_Opt : RFLX_Types.Bytes); - procedure Generic_Get_NDP_Count_Opt (Ctx : Context) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and RFLX.DCCP.Option.Present (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt); - - generic - with procedure Process_Option_Value (Option_Value : RFLX_Types.Bytes); - procedure Generic_Get_Option_Value (Ctx : Context) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and RFLX.DCCP.Option.Present (Ctx, RFLX.DCCP.Option.F_Option_Value); - - generic - with procedure Process_Elapsed_Time_Opt (Elapsed_Time_Opt : RFLX_Types.Bytes); - procedure Generic_Get_Elapsed_Time_Opt (Ctx : Context) with - Pre => - RFLX.DCCP.Option.Has_Buffer (Ctx) - and RFLX.DCCP.Option.Present (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "aspect ""*"" not enforced on inlined subprogram ""*"""); - - procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.DCCP.Opt_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Type) - and then RFLX.DCCP.Valid_Opt_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Type) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Type) - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Type, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Option_Type) - and Get_Option_Type (Ctx) = Val - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Type)) - and Invalid (Ctx, F_Option_Length) - and Invalid (Ctx, F_Loss_Event_Rate) - and Invalid (Ctx, F_NDP_Count_Opt) - and Invalid (Ctx, F_Option_Feature) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) - then - Predecessor (Ctx, F_Option_Length) = F_Option_Type - and Valid_Next (Ctx, F_Option_Length)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Option_Type) = Predecessor (Ctx, F_Option_Type)'Old - and Valid_Next (Ctx, F_Option_Type) = Valid_Next (Ctx, F_Option_Type)'Old - and Field_First (Ctx, F_Option_Type) = Field_First (Ctx, F_Option_Type)'Old; - - procedure Set_Option_Length (Ctx : in out Context; Val : RFLX.DCCP.Option_Length_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Length) - and then RFLX.DCCP.Valid_Option_Length_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Length) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Length) - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Length, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Option_Length) - and Get_Option_Length (Ctx) = Val - and Invalid (Ctx, F_Loss_Event_Rate) - and Invalid (Ctx, F_NDP_Count_Opt) - and Invalid (Ctx, F_Option_Feature) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and (if - Get_Option_Length (Ctx) >= 4 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) - then - Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Option_Length - and Valid_Next (Ctx, F_Elapsed_Time_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) - then - Predecessor (Ctx, F_Loss_Event_Rate) = F_Option_Length - and Valid_Next (Ctx, F_Loss_Event_Rate)) - and (if - Get_Option_Length (Ctx) >= 3 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) - then - Predecessor (Ctx, F_NDP_Count_Opt) = F_Option_Length - and Valid_Next (Ctx, F_NDP_Count_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) - then - Predecessor (Ctx, F_Option_Feature) = F_Option_Length - and Valid_Next (Ctx, F_Option_Feature)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) - then - Predecessor (Ctx, F_Receive_Rate) = F_Option_Length - and Valid_Next (Ctx, F_Receive_Rate)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - Predecessor (Ctx, F_Timestamp_Echo_Opt) = F_Option_Length - and Valid_Next (Ctx, F_Timestamp_Echo_Opt)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) - then - Predecessor (Ctx, F_Timestamp_Option) = F_Option_Length - and Valid_Next (Ctx, F_Timestamp_Option)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Option_Length) = Predecessor (Ctx, F_Option_Length)'Old - and Valid_Next (Ctx, F_Option_Length) = Valid_Next (Ctx, F_Option_Length)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Field_First (Ctx, F_Option_Length) = Field_First (Ctx, F_Option_Length)'Old - and (for all F in Field range F_Option_Type .. F_Option_Type => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Loss_Event_Rate (Ctx : in out Context; Val : RFLX.DCCP.Loss_Rate_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate) - and then RFLX.DCCP.Valid_Loss_Rate_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate) - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Loss_Event_Rate) - and Get_Loss_Event_Rate (Ctx) = Val - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Loss_Event_Rate)) - and Invalid (Ctx, F_NDP_Count_Opt) - and Invalid (Ctx, F_Option_Feature) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Loss_Event_Rate) = Predecessor (Ctx, F_Loss_Event_Rate)'Old - and Valid_Next (Ctx, F_Loss_Event_Rate) = Valid_Next (Ctx, F_Loss_Event_Rate)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Loss_Event_Rate) = Field_First (Ctx, F_Loss_Event_Rate)'Old - and (for all F in Field range F_Option_Type .. F_Option_Length => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Option_Feature (Ctx : in out Context; Val : RFLX.DCCP.Option_Feature_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Feature) - and then RFLX.DCCP.Valid_Option_Feature_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Feature) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Feature) - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Feature, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Option_Feature) - and Get_Option_Feature (Ctx) = Val - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Feature)) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and (Predecessor (Ctx, F_Option_Value) = F_Option_Feature - and Valid_Next (Ctx, F_Option_Value)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Option_Feature) = Predecessor (Ctx, F_Option_Feature)'Old - and Valid_Next (Ctx, F_Option_Feature) = Valid_Next (Ctx, F_Option_Feature)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Option_Feature) = Field_First (Ctx, F_Option_Feature)'Old - and (for all F in Field range F_Option_Type .. F_NDP_Count_Opt => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Receive_Rate (Ctx : in out Context; Val : RFLX.DCCP.Receive_Rate_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Receive_Rate) - and then RFLX.DCCP.Valid_Receive_Rate_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Receive_Rate) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Receive_Rate) - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Receive_Rate, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Receive_Rate) - and Get_Receive_Rate (Ctx) = Val - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Receive_Rate)) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Receive_Rate) = Predecessor (Ctx, F_Receive_Rate)'Old - and Valid_Next (Ctx, F_Receive_Rate) = Valid_Next (Ctx, F_Receive_Rate)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Receive_Rate) = Field_First (Ctx, F_Receive_Rate)'Old - and (for all F in Field range F_Option_Type .. F_Option_Feature => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Timestamp_Echo_Opt (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Echo_Option_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt) - and then RFLX.DCCP.Valid_Timestamp_Echo_Option_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt) - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Timestamp_Echo_Opt) - and Get_Timestamp_Echo_Opt (Ctx) = Val - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and (if - Get_Option_Length (Ctx) >= 8 - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - then - Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Timestamp_Echo_Opt - and Valid_Next (Ctx, F_Elapsed_Time_Opt)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Timestamp_Echo_Opt) = Predecessor (Ctx, F_Timestamp_Echo_Opt)'Old - and Valid_Next (Ctx, F_Timestamp_Echo_Opt) = Valid_Next (Ctx, F_Timestamp_Echo_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Timestamp_Echo_Opt) = Field_First (Ctx, F_Timestamp_Echo_Opt)'Old - and (for all F in Field range F_Option_Type .. F_Receive_Rate => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Timestamp_Option (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Option_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Timestamp_Option) - and then RFLX.DCCP.Valid_Timestamp_Option_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Timestamp_Option) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Timestamp_Option) - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Timestamp_Option, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Timestamp_Option) - and Get_Timestamp_Option (Ctx) = Val - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Timestamp_Option)) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Timestamp_Option) = Predecessor (Ctx, F_Timestamp_Option)'Old - and Valid_Next (Ctx, F_Timestamp_Option) = Valid_Next (Ctx, F_Timestamp_Option)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Timestamp_Option) = Field_First (Ctx, F_Timestamp_Option)'Old - and (for all F in Field range F_Option_Type .. F_Timestamp_Echo_Opt => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - pragma Warnings (On, "aspect ""*"" not enforced on inlined subprogram ""*"""); - - procedure Initialize_NDP_Count_Opt (Ctx : in out Context) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_NDP_Count_Opt) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_NDP_Count_Opt)) - and Invalid (Ctx, F_Option_Feature) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old - and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old; - - procedure Initialize_Option_Value (Ctx : in out Context) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Option_Value) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Value)) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old - and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old - and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old; - - procedure Initialize_Elapsed_Time_Opt (Ctx : in out Context) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Elapsed_Time_Opt) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Elapsed_Time_Opt)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old - and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old; - - procedure Set_NDP_Count_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, Data'Length) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= Data'Length * RFLX_Types.Byte'Size - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, 0), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_NDP_Count_Opt) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_NDP_Count_Opt)) - and Invalid (Ctx, F_Option_Feature) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old - and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old - and Equal (Ctx, F_NDP_Count_Opt, Data); - - procedure Set_Option_Value (Ctx : in out Context; Data : RFLX_Types.Bytes) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Option_Value, Data'Length) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= Data'Length * RFLX_Types.Byte'Size - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Value, 0), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Option_Value) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Value)) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old - and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old - and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old - and Equal (Ctx, F_Option_Value, Data); - - procedure Set_Elapsed_Time_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, Data'Length) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= Data'Length * RFLX_Types.Byte'Size - and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, 0), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Elapsed_Time_Opt) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Elapsed_Time_Opt)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old - and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old - and Equal (Ctx, F_Elapsed_Time_Opt, Data); - - generic - with procedure Process_NDP_Count_Opt (NDP_Count_Opt : out RFLX_Types.Bytes); - with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; - procedure Generic_Set_NDP_Count_Opt (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt)) >= Length - and then Process_Data_Pre (Length), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_NDP_Count_Opt) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_NDP_Count_Opt)) - and Invalid (Ctx, F_Option_Feature) - and Invalid (Ctx, F_Receive_Rate) - and Invalid (Ctx, F_Timestamp_Echo_Opt) - and Invalid (Ctx, F_Timestamp_Option) - and Invalid (Ctx, F_Option_Value) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old - and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old; - - generic - with procedure Process_Option_Value (Option_Value : out RFLX_Types.Bytes); - with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; - procedure Generic_Set_Option_Value (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Option_Value, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value)) >= Length - and then Process_Data_Pre (Length), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Option_Value) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Value)) - and Invalid (Ctx, F_Elapsed_Time_Opt) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old - and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old - and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old; - - generic - with procedure Process_Elapsed_Time_Opt (Elapsed_Time_Opt : out RFLX_Types.Bytes); - with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; - procedure Generic_Set_Elapsed_Time_Opt (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Option.Has_Buffer (Ctx) - and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) - and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt)) >= Length - and then Process_Data_Pre (Length), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Elapsed_Time_Opt) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Elapsed_Time_Opt)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old - and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old - and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old - and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old - and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old; - - function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor with - Annotate => - (GNATprove, Inline_For_Proof), - Ghost; - - function Context_Cursors (Ctx : Context) return Field_Cursors with - Annotate => - (GNATprove, Inline_For_Proof), - Ghost; - - function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor with - Annotate => - (GNATprove, Inline_For_Proof), - Ghost; - -private - - type Cursor_State is (S_Valid, S_Well_Formed, S_Invalid, S_Incomplete); - - type Field_Cursor (State : Cursor_State := S_Invalid) is - record - Predecessor : Virtual_Field := F_Final; - case State is - when S_Valid | S_Well_Formed => - First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; - Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.Base_Integer := 0; - when S_Invalid | S_Incomplete => - null; - end case; - end record; - - type Field_Cursors is array (Virtual_Field) of Field_Cursor; - - function Well_Formed (Cursor : Field_Cursor) return Boolean is - (Cursor.State = S_Valid - or Cursor.State = S_Well_Formed); - - function Valid (Cursor : Field_Cursor) return Boolean is - (Cursor.State = S_Valid); - - function Invalid (Cursor : Field_Cursor) return Boolean is - (Cursor.State = S_Invalid - or Cursor.State = S_Incomplete); - - pragma Warnings (Off, """Buffer"" is not modified, could be of access constant type"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Context (Buffer_First, Buffer_Last : RFLX_Types.Index; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Verified_Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length; Buffer : RFLX_Types.Bytes_Ptr; Cursors : Field_Cursors) return Boolean is - ((if Buffer /= null then Buffer'First = Buffer_First and Buffer'Last = Buffer_Last) - and then (RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last < RFLX_Types.Bit_Index'Last - and First rem RFLX_Types.Byte'Size = 1 - and Last rem RFLX_Types.Byte'Size = 0) - and then First - 1 <= Verified_Last - and then First - 1 <= Written_Last - and then Verified_Last <= Written_Last - and then Written_Last <= Last - and then First rem RFLX_Types.Byte'Size = 1 - and then Last rem RFLX_Types.Byte'Size = 0 - and then Verified_Last rem RFLX_Types.Byte'Size = 0 - and then Written_Last rem RFLX_Types.Byte'Size = 0 - and then (for all F in Field => - (if - Well_Formed (Cursors (F)) - then - Cursors (F).First >= First - and Cursors (F).Last <= Verified_Last - and Cursors (F).First <= Cursors (F).Last + 1 - and Valid_Value (F, Cursors (F).Value))) - and then ((if - Well_Formed (Cursors (F_Option_Length)) - then - (Valid (Cursors (F_Option_Type)) - and then Cursors (F_Option_Length).Predecessor = F_Option_Type - and then (RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY))))) - and then (if - Well_Formed (Cursors (F_Loss_Event_Rate)) - then - (Valid (Cursors (F_Option_Length)) - and then Cursors (F_Loss_Event_Rate).Predecessor = F_Option_Length - and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)))) - and then (if - Well_Formed (Cursors (F_NDP_Count_Opt)) - then - (Valid (Cursors (F_Option_Length)) - and then Cursors (F_NDP_Count_Opt).Predecessor = F_Option_Length - and then (Cursors (F_Option_Length).Value >= 3 - and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT))))) - and then (if - Well_Formed (Cursors (F_Option_Feature)) - then - (Valid (Cursors (F_Option_Length)) - and then Cursors (F_Option_Feature).Predecessor = F_Option_Length - and then (RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) - or RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) - or RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R))))) - and then (if - Well_Formed (Cursors (F_Receive_Rate)) - then - (Valid (Cursors (F_Option_Length)) - and then Cursors (F_Receive_Rate).Predecessor = F_Option_Length - and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)))) - and then (if - Well_Formed (Cursors (F_Timestamp_Echo_Opt)) - then - (Valid (Cursors (F_Option_Length)) - and then Cursors (F_Timestamp_Echo_Opt).Predecessor = F_Option_Length - and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)))) - and then (if - Well_Formed (Cursors (F_Timestamp_Option)) - then - (Valid (Cursors (F_Option_Length)) - and then Cursors (F_Timestamp_Option).Predecessor = F_Option_Length - and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)))) - and then (if - Well_Formed (Cursors (F_Option_Value)) - then - (Valid (Cursors (F_Option_Feature)) - and then Cursors (F_Option_Value).Predecessor = F_Option_Feature)) - and then (if - Well_Formed (Cursors (F_Elapsed_Time_Opt)) - then - (Valid (Cursors (F_Option_Length)) - and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Option_Length - and then (Cursors (F_Option_Length).Value >= 4 - and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)))) - or (Valid (Cursors (F_Timestamp_Echo_Opt)) - and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Timestamp_Echo_Opt - and then (Cursors (F_Option_Length).Value >= 8 - and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)))))) - and then ((if Invalid (Cursors (F_Option_Type)) then Invalid (Cursors (F_Option_Length))) - and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Loss_Event_Rate))) - and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_NDP_Count_Opt))) - and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Option_Feature))) - and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Receive_Rate))) - and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Timestamp_Echo_Opt))) - and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Timestamp_Option))) - and then (if Invalid (Cursors (F_Option_Feature)) then Invalid (Cursors (F_Option_Value))) - and then (if - Invalid (Cursors (F_Option_Length)) - and then Invalid (Cursors (F_Timestamp_Echo_Opt)) - then - Invalid (Cursors (F_Elapsed_Time_Opt)))) - and then ((if - Well_Formed (Cursors (F_Option_Type)) - then - (Cursors (F_Option_Type).Last - Cursors (F_Option_Type).First + 1 = 8 - and then Cursors (F_Option_Type).Predecessor = F_Initial - and then Cursors (F_Option_Type).First = First)) - and then (if - Well_Formed (Cursors (F_Option_Length)) - then - (Cursors (F_Option_Length).Last - Cursors (F_Option_Length).First + 1 = 8 - and then Cursors (F_Option_Length).Predecessor = F_Option_Type - and then Cursors (F_Option_Length).First = Cursors (F_Option_Type).Last + 1)) - and then (if - Well_Formed (Cursors (F_Loss_Event_Rate)) - then - (Cursors (F_Loss_Event_Rate).Last - Cursors (F_Loss_Event_Rate).First + 1 = 32 - and then Cursors (F_Loss_Event_Rate).Predecessor = F_Option_Length - and then Cursors (F_Loss_Event_Rate).First = Cursors (F_Option_Length).Last + 1)) - and then (if - Well_Formed (Cursors (F_NDP_Count_Opt)) - then - (Cursors (F_NDP_Count_Opt).Last - Cursors (F_NDP_Count_Opt).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Option_Length).Value) * 8 - 16 - and then Cursors (F_NDP_Count_Opt).Predecessor = F_Option_Length - and then Cursors (F_NDP_Count_Opt).First = Cursors (F_Option_Length).Last + 1)) - and then (if - Well_Formed (Cursors (F_Option_Feature)) - then - (Cursors (F_Option_Feature).Last - Cursors (F_Option_Feature).First + 1 = 8 - and then Cursors (F_Option_Feature).Predecessor = F_Option_Length - and then Cursors (F_Option_Feature).First = Cursors (F_Option_Length).Last + 1)) - and then (if - Well_Formed (Cursors (F_Receive_Rate)) - then - (Cursors (F_Receive_Rate).Last - Cursors (F_Receive_Rate).First + 1 = 32 - and then Cursors (F_Receive_Rate).Predecessor = F_Option_Length - and then Cursors (F_Receive_Rate).First = Cursors (F_Option_Length).Last + 1)) - and then (if - Well_Formed (Cursors (F_Timestamp_Echo_Opt)) - then - (Cursors (F_Timestamp_Echo_Opt).Last - Cursors (F_Timestamp_Echo_Opt).First + 1 = 32 - and then Cursors (F_Timestamp_Echo_Opt).Predecessor = F_Option_Length - and then Cursors (F_Timestamp_Echo_Opt).First = Cursors (F_Option_Length).Last + 1)) - and then (if - Well_Formed (Cursors (F_Timestamp_Option)) - then - (Cursors (F_Timestamp_Option).Last - Cursors (F_Timestamp_Option).First + 1 = 32 - and then Cursors (F_Timestamp_Option).Predecessor = F_Option_Length - and then Cursors (F_Timestamp_Option).First = Cursors (F_Option_Length).Last + 1)) - and then (if - Well_Formed (Cursors (F_Option_Value)) - then - (Cursors (F_Option_Value).Last - Cursors (F_Option_Value).First + 1 = 8 - and then Cursors (F_Option_Value).Predecessor = F_Option_Feature - and then Cursors (F_Option_Value).First = Cursors (F_Option_Feature).Last + 1)) - and then (if - Well_Formed (Cursors (F_Elapsed_Time_Opt)) - then - (if - Well_Formed (Cursors (F_Option_Length)) - and then (Cursors (F_Option_Length).Value >= 4 - and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) - then - Cursors (F_Elapsed_Time_Opt).Last - Cursors (F_Elapsed_Time_Opt).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Option_Length).Value) * 8 - 16 - and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Option_Length - and then Cursors (F_Elapsed_Time_Opt).First = Cursors (F_Option_Length).Last + 1) - and then (if - Well_Formed (Cursors (F_Timestamp_Echo_Opt)) - and then (Cursors (F_Option_Length).Value >= 8 - and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO))) - then - Cursors (F_Elapsed_Time_Opt).Last - Cursors (F_Elapsed_Time_Opt).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Option_Length).Value) * 8 - 48 - and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Timestamp_Echo_Opt - and then Cursors (F_Elapsed_Time_Opt).First = Cursors (F_Timestamp_Echo_Opt).Last + 1)))) - with - Post => - True; - - pragma Warnings (On, """Buffer"" is not modified, could be of access constant type"); - - pragma Warnings (On, "postcondition does not mention function result"); - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is - record - Verified_Last : RFLX_Types.Bit_Length := First - 1; - Written_Last : RFLX_Types.Bit_Length := First - 1; - Buffer : RFLX_Types.Bytes_Ptr := null; - Cursors : Field_Cursors := (others => (State => S_Invalid, Predecessor => F_Final)); - end record with - Dynamic_Predicate => - Valid_Context (Context.Buffer_First, Context.Buffer_Last, Context.First, Context.Last, Context.Verified_Last, Context.Written_Last, Context.Buffer, Context.Cursors); - - function Initialized (Ctx : Context) return Boolean is - (Ctx.Verified_Last = Ctx.First - 1 - and then Valid_Next (Ctx, F_Option_Type) - and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_Option_Type) rem RFLX_Types.Byte'Size = 1 - and then Available_Space (Ctx, F_Option_Type) = Ctx.Last - Ctx.First + 1 - and then (for all F in Field => - Invalid (Ctx, F))); - - function Has_Buffer (Ctx : Context) return Boolean is - (Ctx.Buffer /= null); - - function Buffer_Length (Ctx : Context) return RFLX_Types.Length is - (Ctx.Buffer'Length); - - function Size (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Verified_Last - Ctx.First + 1); - - function Byte_Size (Ctx : Context) return RFLX_Types.Length is - (RFLX_Types.To_Length (Size (Ctx))); - - function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Verified_Last); - - function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Written_Last); - - function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is - ((case Fld is - when F_Option_Type => - RFLX.DCCP.Valid_Opt_Type (Val), - when F_Option_Length => - RFLX.DCCP.Valid_Option_Length_Type (Val), - when F_Loss_Event_Rate => - RFLX.DCCP.Valid_Loss_Rate_Type (Val), - when F_NDP_Count_Opt => - True, - when F_Option_Feature => - RFLX.DCCP.Valid_Option_Feature_Type (Val), - when F_Receive_Rate => - RFLX.DCCP.Valid_Receive_Rate_Type (Val), - when F_Timestamp_Echo_Opt => - RFLX.DCCP.Valid_Timestamp_Echo_Option_Type (Val), - when F_Timestamp_Option => - RFLX.DCCP.Valid_Timestamp_Option_Type (Val), - when F_Option_Value | F_Elapsed_Time_Opt => - True)); - - function Path_Condition (Ctx : Context; Fld : Field) return Boolean is - ((case Ctx.Cursors (Fld).Predecessor is - when F_Initial | F_Loss_Event_Rate | F_NDP_Count_Opt | F_Option_Feature | F_Receive_Rate | F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt | F_Final => - True, - when F_Option_Type => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)), - when F_Option_Length => - (case Fld is - when F_Elapsed_Time_Opt => - Ctx.Cursors (F_Option_Length).Value >= 4 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)), - when F_Loss_Event_Rate => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)), - when F_NDP_Count_Opt => - Ctx.Cursors (F_Option_Length).Value >= 3 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)), - when F_Option_Feature => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)), - when F_Receive_Rate => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)), - when F_Timestamp_Echo_Opt => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)), - when F_Timestamp_Option => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)), - when others => - False), - when F_Timestamp_Echo_Opt => - Ctx.Cursors (F_Option_Length).Value >= 8 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)))); - - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is - ((case Fld is - when F_Option_Type => - (Val /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - and Val /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - and Val /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY))) - or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)), - when F_Option_Length => - (Val >= 4 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) - or (Val >= 3 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT))) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)), - when F_Loss_Event_Rate | F_NDP_Count_Opt | F_Option_Feature | F_Receive_Rate => - True, - when F_Timestamp_Echo_Opt => - Ctx.Cursors (F_Option_Length).Value >= 8 - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)), - when F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt => - True)); - - function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is - ((case Fld is - when F_Option_Type | F_Option_Length => - 8, - when F_Loss_Event_Rate => - 32, - when F_NDP_Count_Opt => - RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16, - when F_Option_Feature => - 8, - when F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => - 32, - when F_Option_Value => - 8, - when F_Elapsed_Time_Opt => - (if - Ctx.Cursors (Fld).Predecessor = F_Option_Length - and then (Ctx.Cursors (F_Option_Length).Value >= 4 - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16 - elsif - Ctx.Cursors (Fld).Predecessor = F_Timestamp_Echo_Opt - and then (Ctx.Cursors (F_Option_Length).Value >= 8 - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO))) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 48 - else - RFLX_Types.Unreachable))); - - function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index is - ((if Fld = F_Option_Type then Ctx.First else Ctx.Cursors (Ctx.Cursors (Fld).Predecessor).Last + 1)); - - function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is - (Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1); - - function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field is - ((case Fld is - when F_Initial => - F_Initial, - when others => - Ctx.Cursors (Fld).Predecessor)); - - function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean is - ((case Fld is - when F_Initial => - True, - when F_Option_Type => - Ctx.Cursors (Fld).Predecessor = F_Initial, - when F_Option_Length => - (Valid (Ctx.Cursors (F_Option_Type)) - and Ctx.Cursors (Fld).Predecessor = F_Option_Type), - when F_Loss_Event_Rate | F_NDP_Count_Opt | F_Option_Feature | F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => - (Valid (Ctx.Cursors (F_Option_Length)) - and Ctx.Cursors (Fld).Predecessor = F_Option_Length), - when F_Option_Value => - (Valid (Ctx.Cursors (F_Option_Feature)) - and Ctx.Cursors (Fld).Predecessor = F_Option_Feature), - when F_Elapsed_Time_Opt => - (Valid (Ctx.Cursors (F_Option_Length)) - and Ctx.Cursors (Fld).Predecessor = F_Option_Length) - or (Valid (Ctx.Cursors (F_Timestamp_Echo_Opt)) - and Ctx.Cursors (Fld).Predecessor = F_Timestamp_Echo_Opt), - when F_Final => - (Well_Formed (Ctx.Cursors (F_Elapsed_Time_Opt)) - and Ctx.Cursors (Fld).Predecessor = F_Elapsed_Time_Opt) - or (Valid (Ctx.Cursors (F_Loss_Event_Rate)) - and Ctx.Cursors (Fld).Predecessor = F_Loss_Event_Rate) - or (Well_Formed (Ctx.Cursors (F_NDP_Count_Opt)) - and Ctx.Cursors (Fld).Predecessor = F_NDP_Count_Opt) - or (Valid (Ctx.Cursors (F_Option_Feature)) - and Ctx.Cursors (Fld).Predecessor = F_Option_Feature) - or (Valid (Ctx.Cursors (F_Option_Type)) - and Ctx.Cursors (Fld).Predecessor = F_Option_Type) - or (Well_Formed (Ctx.Cursors (F_Option_Value)) - and Ctx.Cursors (Fld).Predecessor = F_Option_Value) - or (Valid (Ctx.Cursors (F_Receive_Rate)) - and Ctx.Cursors (Fld).Predecessor = F_Receive_Rate) - or (Valid (Ctx.Cursors (F_Timestamp_Option)) - and Ctx.Cursors (Fld).Predecessor = F_Timestamp_Option))); - - function Valid_Next (Ctx : Context; Fld : Field) return Boolean is - (Valid_Predecessor (Ctx, Fld) - and then Path_Condition (Ctx, Fld)); - - function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is - (Ctx.Last - Field_First (Ctx, Fld) + 1); - - function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean is - (Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld)); - - function Present (Ctx : Context; Fld : Field) return Boolean is - (Well_Formed (Ctx.Cursors (Fld)) - and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); - - function Well_Formed (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Valid - or Ctx.Cursors (Fld).State = S_Well_Formed); - - function Valid (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Valid - and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); - - function Incomplete (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Incomplete); - - function Invalid (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Invalid - or Ctx.Cursors (Fld).State = S_Incomplete); - - function Well_Formed_Message (Ctx : Context) return Boolean is - (Well_Formed (Ctx, F_Elapsed_Time_Opt) - or Valid (Ctx, F_Loss_Event_Rate) - or Well_Formed (Ctx, F_NDP_Count_Opt) - or (Valid (Ctx, F_Option_Feature) - and then ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R))) - and (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Feature).Value) < RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.FEATURE_RESERVED)) - or Ctx.Cursors (F_Option_Feature).Value > 255))) - or (Valid (Ctx, F_Option_Type) - and then (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)))) - or Well_Formed (Ctx, F_Option_Value) - or Valid (Ctx, F_Receive_Rate) - or Valid (Ctx, F_Timestamp_Option)); - - function Valid_Message (Ctx : Context) return Boolean is - (Valid (Ctx, F_Elapsed_Time_Opt) - or Valid (Ctx, F_Loss_Event_Rate) - or Valid (Ctx, F_NDP_Count_Opt) - or (Valid (Ctx, F_Option_Feature) - and then ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R))) - and (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Feature).Value) < RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.FEATURE_RESERVED)) - or Ctx.Cursors (F_Option_Feature).Value > 255))) - or (Valid (Ctx, F_Option_Type) - and then (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)))) - or Valid (Ctx, F_Option_Value) - or Valid (Ctx, F_Receive_Rate) - or Valid (Ctx, F_Timestamp_Option)); - - function Incomplete_Message (Ctx : Context) return Boolean is - ((for some F in Field => - Incomplete (Ctx, F))); - - function Get_Option_Type (Ctx : Context) return RFLX.DCCP.Opt_Type is - (To_Actual (Ctx.Cursors (F_Option_Type).Value)); - - function Get_Option_Length (Ctx : Context) return RFLX.DCCP.Option_Length_Type is - (To_Actual (Ctx.Cursors (F_Option_Length).Value)); - - function Get_Loss_Event_Rate (Ctx : Context) return RFLX.DCCP.Loss_Rate_Type is - (To_Actual (Ctx.Cursors (F_Loss_Event_Rate).Value)); - - function Get_Option_Feature (Ctx : Context) return RFLX.DCCP.Option_Feature_Type is - (To_Actual (Ctx.Cursors (F_Option_Feature).Value)); - - function Get_Receive_Rate (Ctx : Context) return RFLX.DCCP.Receive_Rate_Type is - (To_Actual (Ctx.Cursors (F_Receive_Rate).Value)); - - function Get_Timestamp_Echo_Opt (Ctx : Context) return RFLX.DCCP.Timestamp_Echo_Option_Type is - (To_Actual (Ctx.Cursors (F_Timestamp_Echo_Opt).Value)); - - function Get_Timestamp_Option (Ctx : Context) return RFLX.DCCP.Timestamp_Option_Type is - (To_Actual (Ctx.Cursors (F_Timestamp_Option).Value)); - - function Valid_Size (Ctx : Context; Fld : Field; Size : RFLX_Types.Bit_Length) return Boolean is - (Size = Field_Size (Ctx, Fld)) - with - Pre => - RFLX.DCCP.Option.Valid_Next (Ctx, Fld); - - function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean is - (Valid_Size (Ctx, Fld, RFLX_Types.To_Bit_Length (Length))); - - function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor is - (Ctx.Cursors (Fld)); - - function Context_Cursors (Ctx : Context) return Field_Cursors is - (Ctx.Cursors); - - function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor is - (Cursors (Fld)); - -end RFLX.DCCP.Option; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-options.ads b/examples/apps/dccp/rflx/generated/rflx-dccp-options.ads deleted file mode 100644 index 6d71fc472..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-dccp-options.ads +++ /dev/null @@ -1,10 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma Warnings (Off, "redundant conversion"); -pragma SPARK_Mode; -with RFLX.RFLX_Message_Sequence; -with RFLX.DCCP.Option; -pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); -with RFLX.RFLX_Types; -pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); - -package RFLX.DCCP.Options is new RFLX.RFLX_Message_Sequence (RFLX.DCCP.Option.Context, RFLX.DCCP.Option.Initialize, RFLX.DCCP.Option.Take_Buffer, RFLX.DCCP.Option.Copy, RFLX.DCCP.Option.Has_Buffer, RFLX.DCCP.Option.Size, RFLX.DCCP.Option.Message_Last, RFLX.DCCP.Option.Initialized, RFLX.DCCP.Option.Well_Formed_Message); diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-packet.adb b/examples/apps/dccp/rflx/generated/rflx-dccp-packet.adb deleted file mode 100644 index aa3cc35c8..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-dccp-packet.adb +++ /dev/null @@ -1,1362 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma Warnings (Off, "redundant conversion"); -with RFLX.RFLX_Types.Operations; - -package body RFLX.DCCP.Packet with - SPARK_Mode -is - - pragma Unevaluated_Use_Of_Old (Allow); - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) is - begin - Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last), Written_Last); - end Initialize; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) is - Buffer_First : constant RFLX_Types.Index := Buffer'First; - Buffer_Last : constant RFLX_Types.Index := Buffer'Last; - begin - Ctx := (Buffer_First, Buffer_Last, First, Last, First - 1, (if Written_Last = 0 then First - 1 else Written_Last), Buffer, (F_Source_Port => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); - Buffer := null; - end Initialize; - - procedure Reset (Ctx : in out Context) is - begin - Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer'First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer'Last)); - end Reset; - - procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) is - begin - Ctx := (Ctx.Buffer_First, Ctx.Buffer_Last, First, Last, First - 1, First - 1, Ctx.Buffer, (F_Source_Port => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); - end Reset; - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is - begin - Buffer := Ctx.Buffer; - Ctx.Buffer := null; - end Take_Buffer; - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is - begin - if Buffer'Length > 0 then - Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); - else - Buffer := Ctx.Buffer.all (1 .. 0); - end if; - end Copy; - - function Read (Ctx : Context) return RFLX_Types.Bytes is - (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); - - procedure Generic_Read (Ctx : Context) is - begin - Read (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); - end Generic_Read; - - procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) is - Length : RFLX_Types.Length; - begin - Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last)); - Write (Ctx.Buffer.all (Ctx.Buffer'First + RFLX_Types.Index (Offset + 1) - 1 .. Ctx.Buffer'Last), Length, Ctx.Buffer'Length, Offset); - pragma Assert (Length <= Ctx.Buffer.all'Length, "Length <= Buffer'Length is not ensured by postcondition of ""Write"""); - Ctx.Written_Last := RFLX_Types.Bit_Index'Max (Ctx.Written_Last, RFLX_Types.To_Last_Bit_Index (RFLX_Types.Length (Ctx.Buffer_First) + Offset + Length - 1)); - end Generic_Write; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is - begin - Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); - end Data; - - pragma Warnings (Off, "precondition is always False"); - - function Successor (Ctx : Context; Fld : Field) return Virtual_Field is - ((case Fld is - when F_Source_Port => - F_Destination_Port, - when F_Destination_Port => - F_Data_Offset, - when F_Data_Offset => - F_CCVal, - when F_CCVal => - F_CsCov, - when F_CsCov => - F_Checksum, - when F_Checksum => - F_Res_3, - when F_Res_3 => - F_Packet_Type, - when F_Packet_Type => - F_X, - when F_X => - (if - RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) - then - F_Res_8 - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) - then - F_Sequence_Number_Short - else - F_Initial), - when F_Res_8 => - F_Sequence_Number_Long, - when F_Sequence_Number_Short => - (if - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - F_Ack_Reserved_Short - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Data - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Options - else - F_Initial), - when F_Sequence_Number_Long => - (if - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - F_Ack_Reserved_Long - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Data - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Options - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - F_Service_Code - else - F_Initial), - when F_Ack_Reserved_Short => - F_Ack_Number_Short, - when F_Ack_Reserved_Long => - F_Ack_Number_Long, - when F_Ack_Number_Short => - (if - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Data - elsif - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Options - else - F_Initial), - when F_Ack_Number_Long => - (if - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Data - elsif - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Options - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) - then - F_Reset_Code - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) - then - F_Service_Code - else - F_Initial), - when F_Reset_Code => - F_Data_1, - when F_Service_Code => - (if - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Data - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Options - else - F_Initial), - when F_Data_1 => - F_Data_2, - when F_Data_2 => - F_Data_3, - when F_Data_3 => - (if - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Data - elsif - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - F_Options - else - F_Initial), - when F_Options => - F_Data, - when F_Data => - F_Final)) - with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and RFLX.DCCP.Packet.Well_Formed (Ctx, Fld) - and RFLX.DCCP.Packet.Valid_Predecessor (Ctx, Fld); - - pragma Warnings (On, "precondition is always False"); - - function Invalid_Successor (Ctx : Context; Fld : Field) return Boolean is - ((case Fld is - when F_Source_Port => - Invalid (Ctx.Cursors (F_Destination_Port)), - when F_Destination_Port => - Invalid (Ctx.Cursors (F_Data_Offset)), - when F_Data_Offset => - Invalid (Ctx.Cursors (F_CCVal)), - when F_CCVal => - Invalid (Ctx.Cursors (F_CsCov)), - when F_CsCov => - Invalid (Ctx.Cursors (F_Checksum)), - when F_Checksum => - Invalid (Ctx.Cursors (F_Res_3)), - when F_Res_3 => - Invalid (Ctx.Cursors (F_Packet_Type)), - when F_Packet_Type => - Invalid (Ctx.Cursors (F_X)), - when F_X => - Invalid (Ctx.Cursors (F_Res_8)) - and Invalid (Ctx.Cursors (F_Sequence_Number_Short)), - when F_Res_8 => - Invalid (Ctx.Cursors (F_Sequence_Number_Long)), - when F_Sequence_Number_Short => - Invalid (Ctx.Cursors (F_Ack_Reserved_Short)) - and Invalid (Ctx.Cursors (F_Data)) - and Invalid (Ctx.Cursors (F_Options)), - when F_Sequence_Number_Long => - Invalid (Ctx.Cursors (F_Ack_Reserved_Long)) - and Invalid (Ctx.Cursors (F_Data)) - and Invalid (Ctx.Cursors (F_Options)) - and Invalid (Ctx.Cursors (F_Service_Code)), - when F_Ack_Reserved_Short => - Invalid (Ctx.Cursors (F_Ack_Number_Short)), - when F_Ack_Reserved_Long => - Invalid (Ctx.Cursors (F_Ack_Number_Long)), - when F_Ack_Number_Short => - Invalid (Ctx.Cursors (F_Data)) - and Invalid (Ctx.Cursors (F_Options)), - when F_Ack_Number_Long => - Invalid (Ctx.Cursors (F_Data)) - and Invalid (Ctx.Cursors (F_Options)) - and Invalid (Ctx.Cursors (F_Reset_Code)) - and Invalid (Ctx.Cursors (F_Service_Code)), - when F_Reset_Code => - Invalid (Ctx.Cursors (F_Data_1)), - when F_Service_Code => - Invalid (Ctx.Cursors (F_Data)) - and Invalid (Ctx.Cursors (F_Options)), - when F_Data_1 => - Invalid (Ctx.Cursors (F_Data_2)), - when F_Data_2 => - Invalid (Ctx.Cursors (F_Data_3)), - when F_Data_3 => - Invalid (Ctx.Cursors (F_Data)) - and Invalid (Ctx.Cursors (F_Options)), - when F_Options => - Invalid (Ctx.Cursors (F_Data)), - when F_Data => - True)); - - function Sufficient_Buffer_Length (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Buffer /= null - and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) < RFLX_Types.Bit_Length'Last - and Ctx.First <= Field_First (Ctx, Fld) - and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1 <= Ctx.Written_Last) - with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); - - function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean is - (Sufficient_Buffer_Length (Ctx, Fld) - and then (case Fld is - when F_Options | F_Data => - Data'Length = RFLX_Types.To_Index (Field_Last (Ctx, Fld)) - RFLX_Types.To_Index (Field_First (Ctx, Fld)) + 1 - and then (for all I in RFLX_Types.Index range RFLX_Types.To_Index (Field_First (Ctx, Fld)) .. RFLX_Types.To_Index (Field_Last (Ctx, Fld)) => - Ctx.Buffer.all (I) = Data (Data'First + (I - RFLX_Types.To_Index (Field_First (Ctx, Fld))))), - when others => - False)); - - procedure Reset_Dependent_Fields (Ctx : in out Context; Fld : Field) with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), - Post => - Valid_Next (Ctx, Fld) - and Invalid (Ctx.Cursors (Fld)) - and Invalid_Successor (Ctx, Fld) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Ctx.Cursors (Fld).Predecessor = Ctx.Cursors (Fld).Predecessor'Old - and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old - and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old - and Field_Size (Ctx, Fld) = Field_Size (Ctx, Fld)'Old - and (for all F in Field => - (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F) else Invalid (Ctx, F))) - is - First : constant RFLX_Types.Bit_Length := Field_First (Ctx, Fld) with - Ghost; - Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld) with - Ghost; - begin - pragma Assert (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - for Fld_Loop in reverse Field'Succ (Fld) .. Field'Last loop - Ctx.Cursors (Fld_Loop) := (S_Invalid, F_Final); - pragma Loop_Invariant (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - pragma Loop_Invariant ((for all F in Field => - (if F < Fld_Loop then Ctx.Cursors (F) = Ctx.Cursors'Loop_Entry (F) else Invalid (Ctx, F)))); - end loop; - pragma Assert (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - Ctx.Cursors (Fld) := (S_Invalid, Ctx.Cursors (Fld).Predecessor); - pragma Assert (Field_First (Ctx, Fld) = First - and Field_Size (Ctx, Fld) = Size); - end Reset_Dependent_Fields; - - function Composite_Field (Fld : Field) return Boolean is - (Fld in F_Options | F_Data); - - function Get (Ctx : Context; Fld : Field) return RFLX_Types.Base_Integer with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Packet.Sufficient_Buffer_Length (Ctx, Fld) - and then not RFLX.DCCP.Packet.Composite_Field (Fld) - is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, Fld); - Last : constant RFLX_Types.Bit_Index := Field_Last (Ctx, Fld); - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); - Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Last); - Offset : constant RFLX_Types.Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); - Size : constant Positive := (case Fld is - when F_Source_Port | F_Destination_Port => - 16, - when F_Data_Offset => - 8, - when F_CCVal | F_CsCov => - 4, - when F_Checksum => - 16, - when F_Res_3 => - 3, - when F_Packet_Type => - 4, - when F_X => - 1, - when F_Res_8 => - 8, - when F_Sequence_Number_Short => - 24, - when F_Sequence_Number_Long => - 48, - when F_Ack_Reserved_Short => - 8, - when F_Ack_Reserved_Long => - 16, - when F_Ack_Number_Short => - 24, - when F_Ack_Number_Long => - 48, - when F_Reset_Code => - 8, - when F_Service_Code => - 32, - when F_Data_1 | F_Data_2 | F_Data_3 => - 8, - when others => - Positive'Last); - Byte_Order : constant RFLX_Types.Byte_Order := RFLX_Types.High_Order_First; - begin - return RFLX_Types.Operations.Extract (Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Size, Byte_Order); - end Get; - - procedure Verify (Ctx : in out Context; Fld : Field) is - Value : RFLX_Types.Base_Integer; - begin - if - Invalid (Ctx.Cursors (Fld)) - and then Valid_Predecessor (Ctx, Fld) - and then Path_Condition (Ctx, Fld) - then - if Sufficient_Buffer_Length (Ctx, Fld) then - Value := (if Composite_Field (Fld) then 0 else Get (Ctx, Fld)); - if - Valid_Value (Fld, Value) - and then Field_Condition (Ctx, Fld, Value) - then - pragma Assert ((if Fld = F_Data then Field_Last (Ctx, Fld) mod RFLX_Types.Byte'Size = 0)); - pragma Assert ((((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); - Ctx.Verified_Last := ((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size; - pragma Assert (Field_Last (Ctx, Fld) <= Ctx.Verified_Last); - if Composite_Field (Fld) then - Ctx.Cursors (Fld) := (State => S_Well_Formed, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); - else - Ctx.Cursors (Fld) := (State => S_Valid, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); - end if; - Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); - else - Ctx.Cursors (Fld) := (State => S_Invalid, Predecessor => F_Final); - end if; - else - Ctx.Cursors (Fld) := (State => S_Incomplete, Predecessor => F_Final); - end if; - end if; - end Verify; - - procedure Verify_Message (Ctx : in out Context) is - begin - for F in Field loop - pragma Loop_Invariant (Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Loop_Entry - and Ctx.Buffer_Last = Ctx.Buffer_Last'Loop_Entry - and Ctx.First = Ctx.First'Loop_Entry - and Ctx.Last = Ctx.Last'Loop_Entry); - Verify (Ctx, F); - end loop; - end Verify_Message; - - function Get_Data (Ctx : Context) return RFLX_Types.Bytes is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).Last); - begin - return Ctx.Buffer.all (First .. Last); - end Get_Data; - - procedure Get_Data (Ctx : Context; Data : out RFLX_Types.Bytes) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).Last); - begin - Data := (others => RFLX_Types.Byte'First); - Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); - end Get_Data; - - procedure Generic_Get_Data (Ctx : Context) is - First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).First); - Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).Last); - begin - Process_Data (Ctx.Buffer.all (First .. Last)); - end Generic_Get_Data; - - procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Packet.Valid_Value (Fld, Val) - and then RFLX.DCCP.Packet.Valid_Size (Ctx, Fld, Size) - and then Size <= RFLX.DCCP.Packet.Available_Space (Ctx, Fld) - and then (if RFLX.DCCP.Packet.Composite_Field (Fld) then Size mod RFLX_Types.Byte'Size = 0 else State_Valid), - Post => - Valid_Next (Ctx, Fld) - and then Invalid_Successor (Ctx, Fld) - and then Buffer_First = RFLX_Types.To_Index (Field_First (Ctx, Fld)) - and then Buffer_Last = RFLX_Types.To_Index (Field_First (Ctx, Fld) + Size - 1) - and then Offset = RFLX_Types.Offset ((RFLX_Types.Byte'Size - (Field_First (Ctx, Fld) + Size - 1) mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size) - and then Ctx.Buffer_First = Ctx.Buffer_First'Old - and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and then Ctx.First = Ctx.First'Old - and then Ctx.Last = Ctx.Last'Old - and then Ctx.Buffer_First = Ctx.Buffer_First'Old - and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and then Ctx.First = Ctx.First'Old - and then Ctx.Last = Ctx.Last'Old - and then Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old - and then Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old - and then Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old - and then Sufficient_Space (Ctx, Fld) - and then (if State_Valid and Size > 0 then Valid (Ctx, Fld) else Well_Formed (Ctx, Fld)) - and then (case Fld is - when F_Source_Port => - Get_Source_Port (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Destination_Port) = F_Source_Port - and Valid_Next (Ctx, F_Destination_Port)), - when F_Destination_Port => - Get_Destination_Port (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_Offset) = F_Destination_Port - and Valid_Next (Ctx, F_Data_Offset)), - when F_Data_Offset => - Get_Data_Offset (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_CCVal) = F_Data_Offset - and Valid_Next (Ctx, F_CCVal)), - when F_CCVal => - Get_CCVal (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_CsCov) = F_CCVal - and Valid_Next (Ctx, F_CsCov)), - when F_CsCov => - Get_CsCov (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Checksum) = F_CsCov - and Valid_Next (Ctx, F_Checksum)), - when F_Checksum => - Get_Checksum (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Res_3) = F_Checksum - and Valid_Next (Ctx, F_Res_3)), - when F_Res_3 => - Get_Res_3 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Packet_Type) = F_Res_3 - and Valid_Next (Ctx, F_Packet_Type)), - when F_Packet_Type => - Get_Packet_Type (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_X) = F_Packet_Type - and Valid_Next (Ctx, F_X)), - when F_X => - Get_X (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) - then - Predecessor (Ctx, F_Res_8) = F_X - and Valid_Next (Ctx, F_Res_8)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) - then - Predecessor (Ctx, F_Sequence_Number_Short) = F_X - and Valid_Next (Ctx, F_Sequence_Number_Short)), - when F_Res_8 => - Get_Res_8 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Sequence_Number_Long) = F_Res_8 - and Valid_Next (Ctx, F_Sequence_Number_Long)), - when F_Sequence_Number_Short => - Get_Sequence_Number_Short (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Ack_Reserved_Short) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Ack_Reserved_Short)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Options)), - when F_Sequence_Number_Long => - Get_Sequence_Number_Long (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Ack_Reserved_Long) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Ack_Reserved_Long)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Options)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Service_Code) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Service_Code)), - when F_Ack_Reserved_Short => - Get_Ack_Reserved_Short (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Ack_Number_Short) = F_Ack_Reserved_Short - and Valid_Next (Ctx, F_Ack_Number_Short)), - when F_Ack_Reserved_Long => - Get_Ack_Reserved_Long (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Ack_Number_Long) = F_Ack_Reserved_Long - and Valid_Next (Ctx, F_Ack_Number_Long)), - when F_Ack_Number_Short => - Get_Ack_Number_Short (Ctx) = To_Actual (Val) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Ack_Number_Short - and Valid_Next (Ctx, F_Data)) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Ack_Number_Short - and Valid_Next (Ctx, F_Options)), - when F_Ack_Number_Long => - Get_Ack_Number_Long (Ctx) = To_Actual (Val) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Data)) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Options)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) - then - Predecessor (Ctx, F_Reset_Code) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Reset_Code)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) - then - Predecessor (Ctx, F_Service_Code) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Service_Code)), - when F_Reset_Code => - Get_Reset_Code (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_1) = F_Reset_Code - and Valid_Next (Ctx, F_Data_1)), - when F_Service_Code => - Get_Service_Code (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Service_Code - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Service_Code - and Valid_Next (Ctx, F_Options)), - when F_Data_1 => - Get_Data_1 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_2) = F_Data_1 - and Valid_Next (Ctx, F_Data_2)), - when F_Data_2 => - Get_Data_2 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_3) = F_Data_2 - and Valid_Next (Ctx, F_Data_3)), - when F_Data_3 => - Get_Data_3 (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Data_3 - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Data_3 - and Valid_Next (Ctx, F_Options)), - when F_Options => - (Predecessor (Ctx, F_Data) = F_Options - and Valid_Next (Ctx, F_Data)), - when F_Data => - (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) - and then (for all F in Field => - (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) - is - First : RFLX_Types.Bit_Index; - Last : RFLX_Types.Bit_Length; - begin - Reset_Dependent_Fields (Ctx, Fld); - First := Field_First (Ctx, Fld); - Last := Field_First (Ctx, Fld) + Size - 1; - Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); - Buffer_First := RFLX_Types.To_Index (First); - Buffer_Last := RFLX_Types.To_Index (Last); - pragma Assert ((((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size, Written_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - pragma Assert (Size = (case Fld is - when F_Source_Port | F_Destination_Port => - 16, - when F_Data_Offset => - 8, - when F_CCVal | F_CsCov => - 4, - when F_Checksum => - 16, - when F_Res_3 => - 3, - when F_Packet_Type => - 4, - when F_X => - 1, - when F_Res_8 => - 8, - when F_Sequence_Number_Short => - 24, - when F_Sequence_Number_Long => - 48, - when F_Ack_Reserved_Short => - 8, - when F_Ack_Reserved_Long => - 16, - when F_Ack_Number_Short => - 24, - when F_Ack_Number_Long => - 48, - when F_Reset_Code => - 8, - when F_Service_Code => - 32, - when F_Data_1 | F_Data_2 | F_Data_3 => - 8, - when F_Options => - (if - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Data_3 - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Service_Code - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - else - RFLX_Types.Unreachable), - when F_Data => - (if - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Data_3 - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Options - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Options).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Service_Code - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - else - RFLX_Types.Unreachable))); - if State_Valid then - Ctx.Cursors (Fld) := (State => S_Valid, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); - else - Ctx.Cursors (Fld) := (State => S_Well_Formed, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); - end if; - Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); - pragma Assert (Last = (Field_First (Ctx, Fld) + Size) - 1); - end Set; - - procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) - and then Fld in F_Source_Port | F_Destination_Port | F_Data_Offset | F_CCVal | F_CsCov | F_Checksum | F_Res_3 | F_Packet_Type | F_X | F_Res_8 | F_Sequence_Number_Short | F_Sequence_Number_Long | F_Ack_Reserved_Short | F_Ack_Reserved_Long | F_Ack_Number_Short | F_Ack_Number_Long | F_Reset_Code | F_Service_Code | F_Data_1 | F_Data_2 | F_Data_3 - and then RFLX.DCCP.Packet.Valid_Value (Fld, Val) - and then RFLX.DCCP.Packet.Valid_Size (Ctx, Fld, RFLX.DCCP.Packet.Field_Size (Ctx, Fld)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, Fld) >= RFLX.DCCP.Packet.Field_Size (Ctx, Fld) - and then RFLX.DCCP.Packet.Field_Size (Ctx, Fld) in 1 .. RFLX_Types.Base_Integer'Size - and then RFLX_Types.Fits_Into (Val, Natural (RFLX.DCCP.Packet.Field_Size (Ctx, Fld))), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, Fld) - and Invalid_Successor (Ctx, Fld) - and (case Fld is - when F_Source_Port => - Get_Source_Port (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Destination_Port) = F_Source_Port - and Valid_Next (Ctx, F_Destination_Port)), - when F_Destination_Port => - Get_Destination_Port (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_Offset) = F_Destination_Port - and Valid_Next (Ctx, F_Data_Offset)), - when F_Data_Offset => - Get_Data_Offset (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_CCVal) = F_Data_Offset - and Valid_Next (Ctx, F_CCVal)), - when F_CCVal => - Get_CCVal (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_CsCov) = F_CCVal - and Valid_Next (Ctx, F_CsCov)), - when F_CsCov => - Get_CsCov (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Checksum) = F_CsCov - and Valid_Next (Ctx, F_Checksum)), - when F_Checksum => - Get_Checksum (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Res_3) = F_Checksum - and Valid_Next (Ctx, F_Res_3)), - when F_Res_3 => - Get_Res_3 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Packet_Type) = F_Res_3 - and Valid_Next (Ctx, F_Packet_Type)), - when F_Packet_Type => - Get_Packet_Type (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_X) = F_Packet_Type - and Valid_Next (Ctx, F_X)), - when F_X => - Get_X (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) - then - Predecessor (Ctx, F_Res_8) = F_X - and Valid_Next (Ctx, F_Res_8)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) - then - Predecessor (Ctx, F_Sequence_Number_Short) = F_X - and Valid_Next (Ctx, F_Sequence_Number_Short)), - when F_Res_8 => - Get_Res_8 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Sequence_Number_Long) = F_Res_8 - and Valid_Next (Ctx, F_Sequence_Number_Long)), - when F_Sequence_Number_Short => - Get_Sequence_Number_Short (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Ack_Reserved_Short) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Ack_Reserved_Short)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Options)), - when F_Sequence_Number_Long => - Get_Sequence_Number_Long (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Ack_Reserved_Long) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Ack_Reserved_Long)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Options)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Service_Code) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Service_Code)), - when F_Ack_Reserved_Short => - Get_Ack_Reserved_Short (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Ack_Number_Short) = F_Ack_Reserved_Short - and Valid_Next (Ctx, F_Ack_Number_Short)), - when F_Ack_Reserved_Long => - Get_Ack_Reserved_Long (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Ack_Number_Long) = F_Ack_Reserved_Long - and Valid_Next (Ctx, F_Ack_Number_Long)), - when F_Ack_Number_Short => - Get_Ack_Number_Short (Ctx) = To_Actual (Val) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Ack_Number_Short - and Valid_Next (Ctx, F_Data)) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Ack_Number_Short - and Valid_Next (Ctx, F_Options)), - when F_Ack_Number_Long => - Get_Ack_Number_Long (Ctx) = To_Actual (Val) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Data)) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Options)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) - then - Predecessor (Ctx, F_Reset_Code) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Reset_Code)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) - then - Predecessor (Ctx, F_Service_Code) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Service_Code)), - when F_Reset_Code => - Get_Reset_Code (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_1) = F_Reset_Code - and Valid_Next (Ctx, F_Data_1)), - when F_Service_Code => - Get_Service_Code (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Service_Code - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Service_Code - and Valid_Next (Ctx, F_Options)), - when F_Data_1 => - Get_Data_1 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_2) = F_Data_1 - and Valid_Next (Ctx, F_Data_2)), - when F_Data_2 => - Get_Data_2 (Ctx) = To_Actual (Val) - and (Predecessor (Ctx, F_Data_3) = F_Data_2 - and Valid_Next (Ctx, F_Data_3)), - when F_Data_3 => - Get_Data_3 (Ctx) = To_Actual (Val) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Data_3 - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Data_3 - and Valid_Next (Ctx, F_Options)), - when F_Options => - (Predecessor (Ctx, F_Data) = F_Options - and Valid_Next (Ctx, F_Data)), - when F_Data => - (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) - and (for all F in Field => - (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old - and Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old - and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old - is - Buffer_First, Buffer_Last : RFLX_Types.Index; - Offset : RFLX_Types.Offset; - Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); - begin - Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); - RFLX_Types.Lemma_Size (Val, Positive (Size)); - RFLX_Types.Operations.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); - end Set_Scalar; - - procedure Set_Source_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) is - begin - Set_Scalar (Ctx, F_Source_Port, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Source_Port; - - procedure Set_Destination_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) is - begin - Set_Scalar (Ctx, F_Destination_Port, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Destination_Port; - - procedure Set_Data_Offset (Ctx : in out Context; Val : RFLX.DCCP.Data_Offset_Type) is - begin - Set_Scalar (Ctx, F_Data_Offset, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Data_Offset; - - procedure Set_CCVal (Ctx : in out Context; Val : RFLX.DCCP.CCVal_Type) is - begin - Set_Scalar (Ctx, F_CCVal, RFLX.DCCP.To_Base_Integer (Val)); - end Set_CCVal; - - procedure Set_CsCov (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Coverage_Type) is - begin - Set_Scalar (Ctx, F_CsCov, RFLX.DCCP.To_Base_Integer (Val)); - end Set_CsCov; - - procedure Set_Checksum (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Type) is - begin - Set_Scalar (Ctx, F_Checksum, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Checksum; - - procedure Set_Res_3 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_3_Type) is - begin - Set_Scalar (Ctx, F_Res_3, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Res_3; - - procedure Set_Packet_Type (Ctx : in out Context; Val : RFLX.DCCP.Type_Field) is - begin - Set_Scalar (Ctx, F_Packet_Type, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Packet_Type; - - procedure Set_X (Ctx : in out Context; Val : RFLX.DCCP.Ext_Seq_Type) is - begin - Set_Scalar (Ctx, F_X, RFLX.DCCP.To_Base_Integer (Val)); - end Set_X; - - procedure Set_Res_8 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) is - begin - Set_Scalar (Ctx, F_Res_8, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Res_8; - - procedure Set_Sequence_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Short_Type) is - begin - Set_Scalar (Ctx, F_Sequence_Number_Short, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Sequence_Number_Short; - - procedure Set_Sequence_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Long_Type) is - begin - Set_Scalar (Ctx, F_Sequence_Number_Long, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Sequence_Number_Long; - - procedure Set_Ack_Reserved_Short (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) is - begin - Set_Scalar (Ctx, F_Ack_Reserved_Short, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Ack_Reserved_Short; - - procedure Set_Ack_Reserved_Long (Ctx : in out Context; Val : RFLX.DCCP.Reserved_16_Type) is - begin - Set_Scalar (Ctx, F_Ack_Reserved_Long, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Ack_Reserved_Long; - - procedure Set_Ack_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Short_Type) is - begin - Set_Scalar (Ctx, F_Ack_Number_Short, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Ack_Number_Short; - - procedure Set_Ack_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Long_Type) is - begin - Set_Scalar (Ctx, F_Ack_Number_Long, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Ack_Number_Long; - - procedure Set_Reset_Code (Ctx : in out Context; Val : RFLX.DCCP.Reset_Code_Type) is - begin - Set_Scalar (Ctx, F_Reset_Code, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Reset_Code; - - procedure Set_Service_Code (Ctx : in out Context; Val : RFLX.DCCP.Service_Code_Type) is - begin - Set_Scalar (Ctx, F_Service_Code, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Service_Code; - - procedure Set_Data_1 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) is - begin - Set_Scalar (Ctx, F_Data_1, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Data_1; - - procedure Set_Data_2 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) is - begin - Set_Scalar (Ctx, F_Data_2, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Data_2; - - procedure Set_Data_3 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) is - begin - Set_Scalar (Ctx, F_Data_3, RFLX.DCCP.To_Base_Integer (Val)); - end Set_Data_3; - - procedure Set_Data_Empty (Ctx : in out Context) is - Unused_Buffer_First, Unused_Buffer_Last : RFLX_Types.Index; - Unused_Offset : RFLX_Types.Offset; - begin - Set (Ctx, F_Data, 0, 0, True, Unused_Buffer_First, Unused_Buffer_Last, Unused_Offset); - end Set_Data_Empty; - - procedure Set_Options (Ctx : in out Context; Seq_Ctx : RFLX.DCCP.Options.Context) is - Size : constant RFLX_Types.Bit_Length := RFLX_Types.To_Bit_Length (RFLX.DCCP.Options.Byte_Size (Seq_Ctx)); - Unused_First, Unused_Last : RFLX_Types.Bit_Index; - Buffer_First, Buffer_Last : RFLX_Types.Index; - Unused_Offset : RFLX_Types.Offset; - begin - Set (Ctx, F_Options, 0, Size, True, Buffer_First, Buffer_Last, Unused_Offset); - RFLX.DCCP.Options.Copy (Seq_Ctx, Ctx.Buffer.all (Buffer_First .. Buffer_Last)); - end Set_Options; - - procedure Initialize_Options_Private (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) - and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Options, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options)) >= Length - and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Options) mod RFLX_Types.Byte'Size = 1, - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Options) - and Field_Size (Ctx, F_Options) = RFLX_Types.To_Bit_Length (Length) - and Ctx.Verified_Last = Field_Last (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Data) = F_Options - and Valid_Next (Ctx, F_Data)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old - and Valid_Next (Ctx, F_Options) = Valid_Next (Ctx, F_Options)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old - is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Options); - Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Options) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; - begin - pragma Assert (Last mod RFLX_Types.Byte'Size = 0); - Reset_Dependent_Fields (Ctx, F_Options); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - Ctx.Cursors (F_Options) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Options).Predecessor); - Ctx.Cursors (Successor (Ctx, F_Options)) := (State => S_Invalid, Predecessor => F_Options); - end Initialize_Options_Private; - - procedure Initialize_Options (Ctx : in out Context) is - begin - Initialize_Options_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_Options))); - end Initialize_Options; - - procedure Initialize_Data_Private (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data)) >= Length - and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Data) mod RFLX_Types.Byte'Size = 1, - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Data) - and Field_Size (Ctx, F_Data) = RFLX_Types.To_Bit_Length (Length) - and Ctx.Verified_Last = Field_Last (Ctx, F_Data) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old - and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old - is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Data); - Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Data) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; - begin - pragma Assert (Last mod RFLX_Types.Byte'Size = 0); - Reset_Dependent_Fields (Ctx, F_Data); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - Ctx.Cursors (F_Data) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Data).Predecessor); - Ctx.Cursors (Successor (Ctx, F_Data)) := (State => S_Invalid, Predecessor => F_Data); - end Initialize_Data_Private; - - procedure Initialize_Data (Ctx : in out Context; Length : RFLX_Types.Length) is - begin - Initialize_Data_Private (Ctx, Length); - end Initialize_Data; - - procedure Set_Data (Ctx : in out Context; Data : RFLX_Types.Bytes) is - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_Data)); - Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; - begin - Initialize_Data_Private (Ctx, Data'Length); - pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_Data))); - Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; - pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_Data)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_Data))) = Data); - end Set_Data; - - procedure Generic_Set_Data (Ctx : in out Context; Length : RFLX_Types.Length) is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Data); - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); - Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); - begin - Process_Data (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); - Initialize_Data_Private (Ctx, Length); - end Generic_Set_Data; - - procedure Switch_To_Options (Ctx : in out Context; Seq_Ctx : out RFLX.DCCP.Options.Context) is - First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Options); - Last : constant RFLX_Types.Bit_Index := Field_Last (Ctx, F_Options); - Buffer : RFLX_Types.Bytes_Ptr; - begin - if Invalid (Ctx, F_Options) then - Reset_Dependent_Fields (Ctx, F_Options); - pragma Warnings (Off, "attribute Update is an obsolescent feature"); - Ctx := Ctx'Update (Verified_Last => Last, Written_Last => RFLX_Types.Bit_Length'Max (Ctx.Written_Last, Last)); - pragma Warnings (On, "attribute Update is an obsolescent feature"); - Ctx.Cursors (F_Options) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Options).Predecessor); - Ctx.Cursors (Successor (Ctx, F_Options)) := (State => S_Invalid, Predecessor => F_Options); - end if; - Take_Buffer (Ctx, Buffer); - pragma Warnings (Off, "unused assignment to ""Buffer"""); - RFLX.DCCP.Options.Initialize (Seq_Ctx, Buffer, First, Last); - pragma Warnings (On, "unused assignment to ""Buffer"""); - end Switch_To_Options; - - procedure Update_Options (Ctx : in out Context; Seq_Ctx : in out RFLX.DCCP.Options.Context) is - Valid_Sequence : constant Boolean := RFLX.DCCP.Packet.Complete_Options (Ctx, Seq_Ctx); - Buffer : RFLX_Types.Bytes_Ptr; - begin - RFLX.DCCP.Options.Take_Buffer (Seq_Ctx, Buffer); - Ctx.Buffer := Buffer; - if Valid_Sequence then - Ctx.Cursors (F_Options) := (State => S_Valid, First => Ctx.Cursors (F_Options).First, Last => Ctx.Cursors (F_Options).Last, Value => Ctx.Cursors (F_Options).Value, Predecessor => Ctx.Cursors (F_Options).Predecessor); - else - Reset_Dependent_Fields (Ctx, F_Options); - Ctx.Cursors (F_Options) := (State => S_Invalid, Predecessor => Ctx.Cursors (F_Options).Predecessor); - end if; - end Update_Options; - -end RFLX.DCCP.Packet; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-packet.ads b/examples/apps/dccp/rflx/generated/rflx-dccp-packet.ads deleted file mode 100644 index 30505001e..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-dccp-packet.ads +++ /dev/null @@ -1,3083 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma Warnings (Off, "redundant conversion"); -with RFLX.RFLX_Types; -with RFLX.DCCP.Options; - -package RFLX.DCCP.Packet with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - pragma Warnings (Off, "use clause for type ""Base_Integer"" * has no effect"); - - pragma Warnings (Off, "use clause for type ""Bytes"" * has no effect"); - - pragma Warnings (Off, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); - - pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); - - use type RFLX_Types.Bytes; - - use type RFLX_Types.Byte; - - use type RFLX_Types.Bytes_Ptr; - - use type RFLX_Types.Length; - - use type RFLX_Types.Index; - - use type RFLX_Types.Bit_Index; - - use type RFLX_Types.Base_Integer; - - use type RFLX_Types.Offset; - - pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - - pragma Warnings (On, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); - - pragma Warnings (On, "use clause for type ""Base_Integer"" * has no effect"); - - pragma Warnings (On, "use clause for type ""Bytes"" * has no effect"); - - pragma Unevaluated_Use_Of_Old (Allow); - - type Virtual_Field is (F_Initial, F_Source_Port, F_Destination_Port, F_Data_Offset, F_CCVal, F_CsCov, F_Checksum, F_Res_3, F_Packet_Type, F_X, F_Res_8, F_Sequence_Number_Short, F_Sequence_Number_Long, F_Ack_Reserved_Short, F_Ack_Reserved_Long, F_Ack_Number_Short, F_Ack_Number_Long, F_Reset_Code, F_Service_Code, F_Data_1, F_Data_2, F_Data_3, F_Options, F_Data, F_Final); - - subtype Field is Virtual_Field range F_Source_Port .. F_Data; - - type Field_Cursor is private with - Default_Initial_Condition => - False; - - type Field_Cursors is private with - Default_Initial_Condition => - False; - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with - Default_Initial_Condition => - RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last < RFLX_Types.Bit_Index'Last - and First rem RFLX_Types.Byte'Size = 1 - and Last rem RFLX_Types.Byte'Size = 0; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) with - Pre => - not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last - and then (Written_Last = 0 - or (Written_Last >= RFLX_Types.To_First_Bit_Index (Buffer'First) - 1 - and Written_Last <= RFLX_Types.To_Last_Bit_Index (Buffer'Last))) - and then Written_Last mod RFLX_Types.Byte'Size = 0, - Post => - Has_Buffer (Ctx) - and Buffer = null - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) - and Initialized (Ctx), - Depends => - (Ctx => (Buffer, Written_Last), Buffer => null); - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) with - Pre => - not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last - and then RFLX_Types.To_Index (First) >= Buffer'First - and then RFLX_Types.To_Index (Last) <= Buffer'Last - and then First <= Last + 1 - and then Last < RFLX_Types.Bit_Index'Last - and then First rem RFLX_Types.Byte'Size = 1 - and then Last rem RFLX_Types.Byte'Size = 0 - and then (Written_Last = 0 - or (Written_Last >= First - 1 - and Written_Last <= Last)) - and then Written_Last rem RFLX_Types.Byte'Size = 0, - Post => - Buffer = null - and Has_Buffer (Ctx) - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = First - and Ctx.Last = Last - and Initialized (Ctx), - Depends => - (Ctx => (Buffer, First, Last, Written_Last), Buffer => null); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Initialized (Ctx : Context) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - procedure Reset (Ctx : in out Context) with - Pre => - not Ctx'Constrained - and RFLX.DCCP.Packet.Has_Buffer (Ctx), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) - and Initialized (Ctx); - - procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with - Pre => - not Ctx'Constrained - and RFLX.DCCP.Packet.Has_Buffer (Ctx) - and RFLX_Types.To_Index (First) >= Ctx.Buffer_First - and RFLX_Types.To_Index (Last) <= Ctx.Buffer_Last - and First <= Last + 1 - and Last < RFLX_Types.Bit_Length'Last - and First rem RFLX_Types.Byte'Size = 1 - and Last rem RFLX_Types.Byte'Size = 0, - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = First - and Ctx.Last = Last - and Initialized (Ctx); - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx), - Post => - not Has_Buffer (Ctx) - and Buffer /= null - and Ctx.Buffer_First = Buffer'First - and Ctx.Buffer_Last = Buffer'Last - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Context_Cursors (Ctx) = Context_Cursors (Ctx)'Old, - Depends => - (Ctx => Ctx, Buffer => Ctx); - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx) - and then RFLX.DCCP.Packet.Byte_Size (Ctx) = Buffer'Length; - - function Read (Ctx : Context) return RFLX_Types.Bytes with - Ghost, - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx); - - pragma Warnings (Off, "formal parameter ""*"" is not referenced"); - - pragma Warnings (Off, "unused variable ""*"""); - - function Always_Valid (Buffer : RFLX_Types.Bytes) return Boolean is - (True); - - pragma Warnings (On, "unused variable ""*"""); - - pragma Warnings (On, "formal parameter ""*"" is not referenced"); - - generic - with procedure Read (Buffer : RFLX_Types.Bytes); - with function Pre (Buffer : RFLX_Types.Bytes) return Boolean is Always_Valid; - procedure Generic_Read (Ctx : Context) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx) - and then Pre (Read (Ctx)); - - pragma Warnings (Off, "formal parameter ""*"" is not referenced"); - - pragma Warnings (Off, "unused variable ""*"""); - - function Always_Valid (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is - (True); - - pragma Warnings (On, "unused variable ""*"""); - - pragma Warnings (On, "formal parameter ""*"" is not referenced"); - - generic - with procedure Write (Buffer : out RFLX_Types.Bytes; Length : out RFLX_Types.Length; Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length); - with function Pre (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is Always_Valid; - procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then Offset < RFLX.DCCP.Packet.Buffer_Length (Ctx) - and then Pre (RFLX.DCCP.Packet.Buffer_Length (Ctx), Offset), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Initialized (Ctx); - - function Has_Buffer (Ctx : Context) return Boolean; - - function Buffer_Length (Ctx : Context) return RFLX_Types.Length with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx); - - function Size (Ctx : Context) return RFLX_Types.Bit_Length with - Post => - Size'Result rem RFLX_Types.Byte'Size = 0; - - function Byte_Size (Ctx : Context) return RFLX_Types.Length; - - function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx); - - function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx) - and then Data'Length = RFLX.DCCP.Packet.Byte_Size (Ctx); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Path_Condition (Ctx : Context; Fld : Field) return Boolean with - Pre => - RFLX.DCCP.Packet.Valid_Predecessor (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Predecessor (Ctx, Fld) - and then RFLX.DCCP.Packet.Valid_Value (Fld, Val) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Packet.Sufficient_Space (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), - Post => - (case Fld is - when F_Options | F_Data => - Field_Size'Result rem RFLX_Types.Byte'Size = 0, - when others => - True); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) - and then RFLX.DCCP.Packet.Sufficient_Space (Ctx, Fld), - Post => - (case Fld is - when F_Options | F_Data => - Field_Last'Result rem RFLX_Types.Byte'Size = 0, - when others => - True); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - function Valid_Next (Ctx : Context; Fld : Field) return Boolean; - - function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); - - function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); - - function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); - - procedure Verify (Ctx : in out Context; Fld : Field) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old; - - procedure Verify_Message (Ctx : in out Context) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx), - Post => - Has_Buffer (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old; - - function Present (Ctx : Context; Fld : Field) return Boolean; - - function Well_Formed (Ctx : Context; Fld : Field) return Boolean; - - function Valid (Ctx : Context; Fld : Field) return Boolean with - Post => - (if Valid'Result then Well_Formed (Ctx, Fld) and Present (Ctx, Fld)); - - function Incomplete (Ctx : Context; Fld : Field) return Boolean; - - function Invalid (Ctx : Context; Fld : Field) return Boolean; - - function Well_Formed_Message (Ctx : Context) return Boolean with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx); - - function Valid_Message (Ctx : Context) return Boolean with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Incomplete_Message (Ctx : Context) return Boolean with - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "precondition is always False"); - - function Get_Source_Port (Ctx : Context) return RFLX.DCCP.Port_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Source_Port); - - function Get_Destination_Port (Ctx : Context) return RFLX.DCCP.Port_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Destination_Port); - - function Get_Data_Offset (Ctx : Context) return RFLX.DCCP.Data_Offset_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_Offset); - - function Get_CCVal (Ctx : Context) return RFLX.DCCP.CCVal_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_CCVal); - - function Get_CsCov (Ctx : Context) return RFLX.DCCP.Checksum_Coverage_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_CsCov); - - function Get_Checksum (Ctx : Context) return RFLX.DCCP.Checksum_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Checksum); - - function Get_Res_3 (Ctx : Context) return RFLX.DCCP.Reserved_3_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Res_3); - - function Get_Packet_Type (Ctx : Context) return RFLX.DCCP.Type_Field with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Packet_Type); - - function Get_X (Ctx : Context) return RFLX.DCCP.Ext_Seq_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_X); - - function Get_Res_8 (Ctx : Context) return RFLX.DCCP.Reserved_8_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Res_8); - - function Get_Sequence_Number_Short (Ctx : Context) return RFLX.DCCP.Sequence_Number_Short_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short); - - function Get_Sequence_Number_Long (Ctx : Context) return RFLX.DCCP.Sequence_Number_Long_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long); - - function Get_Ack_Reserved_Short (Ctx : Context) return RFLX.DCCP.Reserved_8_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short); - - function Get_Ack_Reserved_Long (Ctx : Context) return RFLX.DCCP.Reserved_16_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long); - - function Get_Ack_Number_Short (Ctx : Context) return RFLX.DCCP.Ack_Number_Short_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short); - - function Get_Ack_Number_Long (Ctx : Context) return RFLX.DCCP.Ack_Number_Long_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long); - - function Get_Reset_Code (Ctx : Context) return RFLX.DCCP.Reset_Code_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Reset_Code); - - function Get_Service_Code (Ctx : Context) return RFLX.DCCP.Service_Code_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Service_Code); - - function Get_Data_1 (Ctx : Context) return RFLX.DCCP.Data_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_1); - - function Get_Data_2 (Ctx : Context) return RFLX.DCCP.Data_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_2); - - function Get_Data_3 (Ctx : Context) return RFLX.DCCP.Data_Type with - Pre => - RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_3); - - pragma Warnings (On, "precondition is always False"); - - function Get_Data (Ctx : Context) return RFLX_Types.Bytes with - Ghost, - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Well_Formed (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data), - Post => - Get_Data'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_Data)); - - procedure Get_Data (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Well_Formed (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) - and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data)), - Post => - Equal (Ctx, F_Data, Data); - - generic - with procedure Process_Data (Data : RFLX_Types.Bytes); - procedure Generic_Get_Data (Ctx : Context) with - Pre => - RFLX.DCCP.Packet.Has_Buffer (Ctx) - and RFLX.DCCP.Packet.Present (Ctx, RFLX.DCCP.Packet.F_Data); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), - Post => - True; - - pragma Warnings (On, "postcondition does not mention function result"); - - pragma Warnings (Off, "aspect ""*"" not enforced on inlined subprogram ""*"""); - - procedure Set_Source_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Source_Port) - and then RFLX.DCCP.Valid_Port_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Source_Port) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Source_Port) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Source_Port, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Source_Port) - and Get_Source_Port (Ctx) = Val - and Invalid (Ctx, F_Destination_Port) - and Invalid (Ctx, F_Data_Offset) - and Invalid (Ctx, F_CCVal) - and Invalid (Ctx, F_CsCov) - and Invalid (Ctx, F_Checksum) - and Invalid (Ctx, F_Res_3) - and Invalid (Ctx, F_Packet_Type) - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Destination_Port) = F_Source_Port - and Valid_Next (Ctx, F_Destination_Port)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Source_Port) = Predecessor (Ctx, F_Source_Port)'Old - and Valid_Next (Ctx, F_Source_Port) = Valid_Next (Ctx, F_Source_Port)'Old - and Field_First (Ctx, F_Source_Port) = Field_First (Ctx, F_Source_Port)'Old; - - procedure Set_Destination_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Destination_Port) - and then RFLX.DCCP.Valid_Port_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Destination_Port) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Destination_Port) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Destination_Port, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Destination_Port) - and Get_Destination_Port (Ctx) = Val - and Invalid (Ctx, F_Data_Offset) - and Invalid (Ctx, F_CCVal) - and Invalid (Ctx, F_CsCov) - and Invalid (Ctx, F_Checksum) - and Invalid (Ctx, F_Res_3) - and Invalid (Ctx, F_Packet_Type) - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Data_Offset) = F_Destination_Port - and Valid_Next (Ctx, F_Data_Offset)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Destination_Port) = Predecessor (Ctx, F_Destination_Port)'Old - and Valid_Next (Ctx, F_Destination_Port) = Valid_Next (Ctx, F_Destination_Port)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Field_First (Ctx, F_Destination_Port) = Field_First (Ctx, F_Destination_Port)'Old - and (for all F in Field range F_Source_Port .. F_Source_Port => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Data_Offset (Ctx : in out Context; Val : RFLX.DCCP.Data_Offset_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_Offset) - and then RFLX.DCCP.Valid_Data_Offset_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_Offset) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_Offset) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_Offset, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Data_Offset) - and Get_Data_Offset (Ctx) = Val - and Invalid (Ctx, F_CCVal) - and Invalid (Ctx, F_CsCov) - and Invalid (Ctx, F_Checksum) - and Invalid (Ctx, F_Res_3) - and Invalid (Ctx, F_Packet_Type) - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_CCVal) = F_Data_Offset - and Valid_Next (Ctx, F_CCVal)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data_Offset) = Predecessor (Ctx, F_Data_Offset)'Old - and Valid_Next (Ctx, F_Data_Offset) = Valid_Next (Ctx, F_Data_Offset)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Field_First (Ctx, F_Data_Offset) = Field_First (Ctx, F_Data_Offset)'Old - and (for all F in Field range F_Source_Port .. F_Destination_Port => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_CCVal (Ctx : in out Context; Val : RFLX.DCCP.CCVal_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_CCVal) - and then RFLX.DCCP.Valid_CCVal_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_CCVal) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_CCVal) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_CCVal, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_CCVal) - and Get_CCVal (Ctx) = Val - and Invalid (Ctx, F_CsCov) - and Invalid (Ctx, F_Checksum) - and Invalid (Ctx, F_Res_3) - and Invalid (Ctx, F_Packet_Type) - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_CsCov) = F_CCVal - and Valid_Next (Ctx, F_CsCov)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_CCVal) = Predecessor (Ctx, F_CCVal)'Old - and Valid_Next (Ctx, F_CCVal) = Valid_Next (Ctx, F_CCVal)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Field_First (Ctx, F_CCVal) = Field_First (Ctx, F_CCVal)'Old - and (for all F in Field range F_Source_Port .. F_Data_Offset => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_CsCov (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Coverage_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_CsCov) - and then RFLX.DCCP.Valid_Checksum_Coverage_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_CsCov) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_CsCov) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_CsCov, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_CsCov) - and Get_CsCov (Ctx) = Val - and Invalid (Ctx, F_Checksum) - and Invalid (Ctx, F_Res_3) - and Invalid (Ctx, F_Packet_Type) - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Checksum) = F_CsCov - and Valid_Next (Ctx, F_Checksum)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_CsCov) = Predecessor (Ctx, F_CsCov)'Old - and Valid_Next (Ctx, F_CsCov) = Valid_Next (Ctx, F_CsCov)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Field_First (Ctx, F_CsCov) = Field_First (Ctx, F_CsCov)'Old - and (for all F in Field range F_Source_Port .. F_CCVal => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Checksum (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Checksum) - and then RFLX.DCCP.Valid_Checksum_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Checksum) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Checksum) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Checksum, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Checksum) - and Get_Checksum (Ctx) = Val - and Invalid (Ctx, F_Res_3) - and Invalid (Ctx, F_Packet_Type) - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Res_3) = F_Checksum - and Valid_Next (Ctx, F_Res_3)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Checksum) = Predecessor (Ctx, F_Checksum)'Old - and Valid_Next (Ctx, F_Checksum) = Valid_Next (Ctx, F_Checksum)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Field_First (Ctx, F_Checksum) = Field_First (Ctx, F_Checksum)'Old - and (for all F in Field range F_Source_Port .. F_CsCov => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Res_3 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_3_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Res_3) - and then RFLX.DCCP.Valid_Reserved_3_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Res_3) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Res_3) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Res_3, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Res_3) - and Get_Res_3 (Ctx) = Val - and Invalid (Ctx, F_Packet_Type) - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Packet_Type) = F_Res_3 - and Valid_Next (Ctx, F_Packet_Type)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Res_3) = Predecessor (Ctx, F_Res_3)'Old - and Valid_Next (Ctx, F_Res_3) = Valid_Next (Ctx, F_Res_3)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Field_First (Ctx, F_Res_3) = Field_First (Ctx, F_Res_3)'Old - and (for all F in Field range F_Source_Port .. F_Checksum => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Packet_Type (Ctx : in out Context; Val : RFLX.DCCP.Type_Field) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Packet_Type) - and then RFLX.DCCP.Valid_Type_Field (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Packet_Type) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Packet_Type) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Packet_Type, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Packet_Type) - and Get_Packet_Type (Ctx) = Val - and Invalid (Ctx, F_X) - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_X) = F_Packet_Type - and Valid_Next (Ctx, F_X)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Packet_Type) = Predecessor (Ctx, F_Packet_Type)'Old - and Valid_Next (Ctx, F_Packet_Type) = Valid_Next (Ctx, F_Packet_Type)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Field_First (Ctx, F_Packet_Type) = Field_First (Ctx, F_Packet_Type)'Old - and (for all F in Field range F_Source_Port .. F_Res_3 => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_X (Ctx : in out Context; Val : RFLX.DCCP.Ext_Seq_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_X) - and then RFLX.DCCP.Valid_Ext_Seq_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_X) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_X) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_X, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_X) - and Get_X (Ctx) = Val - and Invalid (Ctx, F_Res_8) - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) - then - Predecessor (Ctx, F_Res_8) = F_X - and Valid_Next (Ctx, F_Res_8)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) - then - Predecessor (Ctx, F_Sequence_Number_Short) = F_X - and Valid_Next (Ctx, F_Sequence_Number_Short)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_X) = Predecessor (Ctx, F_X)'Old - and Valid_Next (Ctx, F_X) = Valid_Next (Ctx, F_X)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Field_First (Ctx, F_X) = Field_First (Ctx, F_X)'Old - and (for all F in Field range F_Source_Port .. F_Packet_Type => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Res_8 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Res_8) - and then RFLX.DCCP.Valid_Reserved_8_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Res_8) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Res_8) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Res_8, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Res_8) - and Get_Res_8 (Ctx) = Val - and Invalid (Ctx, F_Sequence_Number_Short) - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Sequence_Number_Long) = F_Res_8 - and Valid_Next (Ctx, F_Sequence_Number_Long)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Res_8) = Predecessor (Ctx, F_Res_8)'Old - and Valid_Next (Ctx, F_Res_8) = Valid_Next (Ctx, F_Res_8)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Res_8) = Field_First (Ctx, F_Res_8)'Old - and (for all F in Field range F_Source_Port .. F_X => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Sequence_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Short_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short) - and then RFLX.DCCP.Valid_Sequence_Number_Short_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Sequence_Number_Short) - and Get_Sequence_Number_Short (Ctx) = Val - and Invalid (Ctx, F_Sequence_Number_Long) - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Ack_Reserved_Short) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Ack_Reserved_Short)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Sequence_Number_Short - and Valid_Next (Ctx, F_Options)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Sequence_Number_Short) = Predecessor (Ctx, F_Sequence_Number_Short)'Old - and Valid_Next (Ctx, F_Sequence_Number_Short) = Valid_Next (Ctx, F_Sequence_Number_Short)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Sequence_Number_Short) = Field_First (Ctx, F_Sequence_Number_Short)'Old - and (for all F in Field range F_Source_Port .. F_Res_8 => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Sequence_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Long_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long) - and then RFLX.DCCP.Valid_Sequence_Number_Long_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Sequence_Number_Long) - and Get_Sequence_Number_Long (Ctx) = Val - and Invalid (Ctx, F_Ack_Reserved_Short) - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Ack_Reserved_Long) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Ack_Reserved_Long)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Options)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Predecessor (Ctx, F_Service_Code) = F_Sequence_Number_Long - and Valid_Next (Ctx, F_Service_Code)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Sequence_Number_Long) = Predecessor (Ctx, F_Sequence_Number_Long)'Old - and Valid_Next (Ctx, F_Sequence_Number_Long) = Valid_Next (Ctx, F_Sequence_Number_Long)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Field_First (Ctx, F_Sequence_Number_Long) = Field_First (Ctx, F_Sequence_Number_Long)'Old - and (for all F in Field range F_Source_Port .. F_Sequence_Number_Short => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Ack_Reserved_Short (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short) - and then RFLX.DCCP.Valid_Reserved_8_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Ack_Reserved_Short) - and Get_Ack_Reserved_Short (Ctx) = Val - and Invalid (Ctx, F_Ack_Reserved_Long) - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Ack_Number_Short) = F_Ack_Reserved_Short - and Valid_Next (Ctx, F_Ack_Number_Short)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Ack_Reserved_Short) = Predecessor (Ctx, F_Ack_Reserved_Short)'Old - and Valid_Next (Ctx, F_Ack_Reserved_Short) = Valid_Next (Ctx, F_Ack_Reserved_Short)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Sequence_Number_Short (Ctx) = Get_Sequence_Number_Short (Ctx)'Old - and Field_First (Ctx, F_Ack_Reserved_Short) = Field_First (Ctx, F_Ack_Reserved_Short)'Old - and (for all F in Field range F_Source_Port .. F_Sequence_Number_Long => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Ack_Reserved_Long (Ctx : in out Context; Val : RFLX.DCCP.Reserved_16_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long) - and then RFLX.DCCP.Valid_Reserved_16_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Ack_Reserved_Long) - and Get_Ack_Reserved_Long (Ctx) = Val - and Invalid (Ctx, F_Ack_Number_Short) - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Ack_Number_Long) = F_Ack_Reserved_Long - and Valid_Next (Ctx, F_Ack_Number_Long)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Ack_Reserved_Long) = Predecessor (Ctx, F_Ack_Reserved_Long)'Old - and Valid_Next (Ctx, F_Ack_Reserved_Long) = Valid_Next (Ctx, F_Ack_Reserved_Long)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old - and Field_First (Ctx, F_Ack_Reserved_Long) = Field_First (Ctx, F_Ack_Reserved_Long)'Old - and (for all F in Field range F_Source_Port .. F_Ack_Reserved_Short => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Ack_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Short_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short) - and then RFLX.DCCP.Valid_Ack_Number_Short_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Ack_Number_Short) - and Get_Ack_Number_Short (Ctx) = Val - and Invalid (Ctx, F_Ack_Number_Long) - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Ack_Number_Short - and Valid_Next (Ctx, F_Data)) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Ack_Number_Short - and Valid_Next (Ctx, F_Options)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Ack_Number_Short) = Predecessor (Ctx, F_Ack_Number_Short)'Old - and Valid_Next (Ctx, F_Ack_Number_Short) = Valid_Next (Ctx, F_Ack_Number_Short)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Sequence_Number_Short (Ctx) = Get_Sequence_Number_Short (Ctx)'Old - and Get_Ack_Reserved_Short (Ctx) = Get_Ack_Reserved_Short (Ctx)'Old - and Field_First (Ctx, F_Ack_Number_Short) = Field_First (Ctx, F_Ack_Number_Short)'Old - and (for all F in Field range F_Source_Port .. F_Ack_Reserved_Long => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Ack_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Long_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long) - and then RFLX.DCCP.Valid_Ack_Number_Long_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Ack_Number_Long) - and Get_Ack_Number_Long (Ctx) = Val - and Invalid (Ctx, F_Reset_Code) - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Data)) - and (if - (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Options)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) - then - Predecessor (Ctx, F_Reset_Code) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Reset_Code)) - and (if - RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) - then - Predecessor (Ctx, F_Service_Code) = F_Ack_Number_Long - and Valid_Next (Ctx, F_Service_Code)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Ack_Number_Long) = Predecessor (Ctx, F_Ack_Number_Long)'Old - and Valid_Next (Ctx, F_Ack_Number_Long) = Valid_Next (Ctx, F_Ack_Number_Long)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old - and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old - and Field_First (Ctx, F_Ack_Number_Long) = Field_First (Ctx, F_Ack_Number_Long)'Old - and (for all F in Field range F_Source_Port .. F_Ack_Number_Short => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Reset_Code (Ctx : in out Context; Val : RFLX.DCCP.Reset_Code_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Reset_Code) - and then RFLX.DCCP.Valid_Reset_Code_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Reset_Code) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Reset_Code) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Reset_Code, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Reset_Code) - and Get_Reset_Code (Ctx) = Val - and Invalid (Ctx, F_Service_Code) - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Data_1) = F_Reset_Code - and Valid_Next (Ctx, F_Data_1)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Reset_Code) = Predecessor (Ctx, F_Reset_Code)'Old - and Valid_Next (Ctx, F_Reset_Code) = Valid_Next (Ctx, F_Reset_Code)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old - and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old - and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old - and Field_First (Ctx, F_Reset_Code) = Field_First (Ctx, F_Reset_Code)'Old - and (for all F in Field range F_Source_Port .. F_Ack_Number_Long => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Service_Code (Ctx : in out Context; Val : RFLX.DCCP.Service_Code_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Service_Code) - and then RFLX.DCCP.Valid_Service_Code_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Service_Code) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Service_Code) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Service_Code, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Service_Code) - and Get_Service_Code (Ctx) = Val - and Invalid (Ctx, F_Data_1) - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Service_Code - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Service_Code - and Valid_Next (Ctx, F_Options)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Service_Code) = Predecessor (Ctx, F_Service_Code)'Old - and Valid_Next (Ctx, F_Service_Code) = Valid_Next (Ctx, F_Service_Code)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old - and Field_First (Ctx, F_Service_Code) = Field_First (Ctx, F_Service_Code)'Old - and (for all F in Field range F_Source_Port .. F_Reset_Code => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Data_1 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_1) - and then RFLX.DCCP.Valid_Data_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_1) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_1) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_1, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Data_1) - and Get_Data_1 (Ctx) = Val - and Invalid (Ctx, F_Data_2) - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Data_2) = F_Data_1 - and Valid_Next (Ctx, F_Data_2)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data_1) = Predecessor (Ctx, F_Data_1)'Old - and Valid_Next (Ctx, F_Data_1) = Valid_Next (Ctx, F_Data_1)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old - and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old - and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old - and Get_Reset_Code (Ctx) = Get_Reset_Code (Ctx)'Old - and Field_First (Ctx, F_Data_1) = Field_First (Ctx, F_Data_1)'Old - and (for all F in Field range F_Source_Port .. F_Service_Code => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Data_2 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_2) - and then RFLX.DCCP.Valid_Data_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_2) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_2) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_2, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Data_2) - and Get_Data_2 (Ctx) = Val - and Invalid (Ctx, F_Data_3) - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Data_3) = F_Data_2 - and Valid_Next (Ctx, F_Data_3)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data_2) = Predecessor (Ctx, F_Data_2)'Old - and Valid_Next (Ctx, F_Data_2) = Valid_Next (Ctx, F_Data_2)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old - and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old - and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old - and Get_Reset_Code (Ctx) = Get_Reset_Code (Ctx)'Old - and Get_Data_1 (Ctx) = Get_Data_1 (Ctx)'Old - and Field_First (Ctx, F_Data_2) = Field_First (Ctx, F_Data_2)'Old - and (for all F in Field range F_Source_Port .. F_Data_1 => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - procedure Set_Data_3 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) with - Inline_Always, - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_3) - and then RFLX.DCCP.Valid_Data_Type (RFLX.DCCP.To_Base_Integer (Val)) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_3) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_3) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_3, RFLX.DCCP.To_Base_Integer (Val)), - Post => - Has_Buffer (Ctx) - and Valid (Ctx, F_Data_3) - and Get_Data_3 (Ctx) = Val - and Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Data) = F_Data_3 - and Valid_Next (Ctx, F_Data)) - and (if - RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - then - Predecessor (Ctx, F_Options) = F_Data_3 - and Valid_Next (Ctx, F_Options)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data_3) = Predecessor (Ctx, F_Data_3)'Old - and Valid_Next (Ctx, F_Data_3) = Valid_Next (Ctx, F_Data_3)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old - and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old - and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old - and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old - and Get_Reset_Code (Ctx) = Get_Reset_Code (Ctx)'Old - and Get_Data_1 (Ctx) = Get_Data_1 (Ctx)'Old - and Get_Data_2 (Ctx) = Get_Data_2 (Ctx)'Old - and Field_First (Ctx, F_Data_3) = Field_First (Ctx, F_Data_3)'Old - and (for all F in Field range F_Source_Port .. F_Data_2 => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); - - pragma Warnings (On, "aspect ""*"" not enforced on inlined subprogram ""*"""); - - procedure Set_Data_Empty (Ctx : in out Context) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data, 0) - and then RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) = 0, - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Data) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old - and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old; - - procedure Set_Options (Ctx : in out Context; Seq_Ctx : RFLX.DCCP.Options.Context) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Options, 0) - and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Options, RFLX.DCCP.Options.Byte_Size (Seq_Ctx)) - and then RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) - and then RFLX.DCCP.Options.Valid (Seq_Ctx), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Data) = F_Options - and Valid_Next (Ctx, F_Data)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old - and Valid_Next (Ctx, F_Options) = Valid_Next (Ctx, F_Options)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old - and (if Field_Size (Ctx, F_Options) > 0 then Present (Ctx, F_Options)); - - procedure Initialize_Options (Ctx : in out Context) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Options) - and Invalid (Ctx, F_Data) - and (Predecessor (Ctx, F_Data) = F_Options - and Valid_Next (Ctx, F_Data)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old - and Valid_Next (Ctx, F_Options) = Valid_Next (Ctx, F_Options)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old; - - procedure Initialize_Data (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Length) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX_Types.To_Bit_Length (Length), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Data) - and Field_Size (Ctx, F_Data) = RFLX_Types.To_Bit_Length (Length) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old - and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old; - - procedure Set_Data (Ctx : in out Context; Data : RFLX_Types.Bytes) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Data'Length) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= Data'Length * RFLX_Types.Byte'Size - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data, 0), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Data) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old - and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old - and Equal (Ctx, F_Data, Data); - - generic - with procedure Process_Data (Data : out RFLX_Types.Bytes); - with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; - procedure Generic_Set_Data (Ctx : in out Context; Length : RFLX_Types.Length) with - Pre => - not Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) - and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Length) - and then RFLX_Types.To_Length (RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data)) >= Length - and then Process_Data_Pre (Length), - Post => - Has_Buffer (Ctx) - and Well_Formed (Ctx, F_Data) - and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old - and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old - and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old - and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old - and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old - and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old - and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old - and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old - and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old - and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old - and Get_X (Ctx) = Get_X (Ctx)'Old - and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old; - - procedure Switch_To_Options (Ctx : in out Context; Seq_Ctx : out RFLX.DCCP.Options.Context) with - Pre => - not Ctx'Constrained - and then not Seq_Ctx'Constrained - and then RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) - and then RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options) > 0 - and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Options) rem RFLX_Types.Byte'Size = 1 - and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options) - and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Options, 0), - Post => - not RFLX.DCCP.Packet.Has_Buffer (Ctx) - and RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) - and Ctx.Buffer_First = Seq_Ctx.Buffer_First - and Ctx.Buffer_Last = Seq_Ctx.Buffer_Last - and Seq_Ctx.First = Field_First (Ctx, F_Options) - and Seq_Ctx.Last = Field_Last (Ctx, F_Options) - and RFLX.DCCP.Options.Valid (Seq_Ctx) - and RFLX.DCCP.Options.Sequence_Last (Seq_Ctx) = Seq_Ctx.First - 1 - and Present (Ctx, F_Options) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old - and Path_Condition (Ctx, F_Options) = Path_Condition (Ctx, F_Options)'Old - and Field_Last (Ctx, F_Options) = Field_Last (Ctx, F_Options)'Old - and (for all F in Field range F_Source_Port .. F_Data_3 => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)), - Contract_Cases => - (Well_Formed (Ctx, F_Options) => - (for all F in Field range F_Data .. F_Data => - Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)), - others => - (Predecessor (Ctx, F_Data) = F_Options - and Valid_Next (Ctx, F_Data)) - and Invalid (Ctx, F_Data)); - - function Complete_Options (Ctx : Context; Seq_Ctx : RFLX.DCCP.Options.Context) return Boolean with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options); - - procedure Update_Options (Ctx : in out Context; Seq_Ctx : in out RFLX.DCCP.Options.Context) with - Pre => - RFLX.DCCP.Packet.Present (Ctx, RFLX.DCCP.Packet.F_Options) - and then not RFLX.DCCP.Packet.Has_Buffer (Ctx) - and then RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) - and then Ctx.Buffer_First = Seq_Ctx.Buffer_First - and then Ctx.Buffer_Last = Seq_Ctx.Buffer_Last - and then Seq_Ctx.First = Field_First (Ctx, F_Options) - and then Seq_Ctx.Last = Field_Last (Ctx, F_Options), - Post => - (if - RFLX.DCCP.Packet.Complete_Options (Ctx, Seq_Ctx) - then - Present (Ctx, F_Options) - and Context_Cursor (Ctx, F_Data) = Context_Cursor (Ctx, F_Data)'Old - else - Invalid (Ctx, F_Options) - and Invalid (Ctx, F_Data)) - and Has_Buffer (Ctx) - and not RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Seq_Ctx.First = Seq_Ctx.First'Old - and Seq_Ctx.Last = Seq_Ctx.Last'Old - and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old - and Field_Size (Ctx, F_Options) = Field_Size (Ctx, F_Options)'Old - and Context_Cursor (Ctx, F_Source_Port) = Context_Cursor (Ctx, F_Source_Port)'Old - and Context_Cursor (Ctx, F_Destination_Port) = Context_Cursor (Ctx, F_Destination_Port)'Old - and Context_Cursor (Ctx, F_Data_Offset) = Context_Cursor (Ctx, F_Data_Offset)'Old - and Context_Cursor (Ctx, F_CCVal) = Context_Cursor (Ctx, F_CCVal)'Old - and Context_Cursor (Ctx, F_CsCov) = Context_Cursor (Ctx, F_CsCov)'Old - and Context_Cursor (Ctx, F_Checksum) = Context_Cursor (Ctx, F_Checksum)'Old - and Context_Cursor (Ctx, F_Res_3) = Context_Cursor (Ctx, F_Res_3)'Old - and Context_Cursor (Ctx, F_Packet_Type) = Context_Cursor (Ctx, F_Packet_Type)'Old - and Context_Cursor (Ctx, F_X) = Context_Cursor (Ctx, F_X)'Old - and Context_Cursor (Ctx, F_Res_8) = Context_Cursor (Ctx, F_Res_8)'Old - and Context_Cursor (Ctx, F_Sequence_Number_Short) = Context_Cursor (Ctx, F_Sequence_Number_Short)'Old - and Context_Cursor (Ctx, F_Sequence_Number_Long) = Context_Cursor (Ctx, F_Sequence_Number_Long)'Old - and Context_Cursor (Ctx, F_Ack_Reserved_Short) = Context_Cursor (Ctx, F_Ack_Reserved_Short)'Old - and Context_Cursor (Ctx, F_Ack_Reserved_Long) = Context_Cursor (Ctx, F_Ack_Reserved_Long)'Old - and Context_Cursor (Ctx, F_Ack_Number_Short) = Context_Cursor (Ctx, F_Ack_Number_Short)'Old - and Context_Cursor (Ctx, F_Ack_Number_Long) = Context_Cursor (Ctx, F_Ack_Number_Long)'Old - and Context_Cursor (Ctx, F_Reset_Code) = Context_Cursor (Ctx, F_Reset_Code)'Old - and Context_Cursor (Ctx, F_Service_Code) = Context_Cursor (Ctx, F_Service_Code)'Old - and Context_Cursor (Ctx, F_Data_1) = Context_Cursor (Ctx, F_Data_1)'Old - and Context_Cursor (Ctx, F_Data_2) = Context_Cursor (Ctx, F_Data_2)'Old - and Context_Cursor (Ctx, F_Data_3) = Context_Cursor (Ctx, F_Data_3)'Old, - Depends => - (Ctx => (Ctx, Seq_Ctx), Seq_Ctx => Seq_Ctx); - - function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor with - Annotate => - (GNATprove, Inline_For_Proof), - Ghost; - - function Context_Cursors (Ctx : Context) return Field_Cursors with - Annotate => - (GNATprove, Inline_For_Proof), - Ghost; - - function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor with - Annotate => - (GNATprove, Inline_For_Proof), - Ghost; - -private - - type Cursor_State is (S_Valid, S_Well_Formed, S_Invalid, S_Incomplete); - - type Field_Cursor (State : Cursor_State := S_Invalid) is - record - Predecessor : Virtual_Field := F_Final; - case State is - when S_Valid | S_Well_Formed => - First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; - Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - Value : RFLX_Types.Base_Integer := 0; - when S_Invalid | S_Incomplete => - null; - end case; - end record; - - type Field_Cursors is array (Virtual_Field) of Field_Cursor; - - function Well_Formed (Cursor : Field_Cursor) return Boolean is - (Cursor.State = S_Valid - or Cursor.State = S_Well_Formed); - - function Valid (Cursor : Field_Cursor) return Boolean is - (Cursor.State = S_Valid); - - function Invalid (Cursor : Field_Cursor) return Boolean is - (Cursor.State = S_Invalid - or Cursor.State = S_Incomplete); - - pragma Warnings (Off, """Buffer"" is not modified, could be of access constant type"); - - pragma Warnings (Off, "postcondition does not mention function result"); - - function Valid_Context (Buffer_First, Buffer_Last : RFLX_Types.Index; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Verified_Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length; Buffer : RFLX_Types.Bytes_Ptr; Cursors : Field_Cursors) return Boolean is - ((if Buffer /= null then Buffer'First = Buffer_First and Buffer'Last = Buffer_Last) - and then (RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last < RFLX_Types.Bit_Index'Last - and First rem RFLX_Types.Byte'Size = 1 - and Last rem RFLX_Types.Byte'Size = 0) - and then First - 1 <= Verified_Last - and then First - 1 <= Written_Last - and then Verified_Last <= Written_Last - and then Written_Last <= Last - and then First rem RFLX_Types.Byte'Size = 1 - and then Last rem RFLX_Types.Byte'Size = 0 - and then Verified_Last rem RFLX_Types.Byte'Size = 0 - and then Written_Last rem RFLX_Types.Byte'Size = 0 - and then (for all F in Field => - (if - Well_Formed (Cursors (F)) - then - Cursors (F).First >= First - and Cursors (F).Last <= Verified_Last - and Cursors (F).First <= Cursors (F).Last + 1 - and Valid_Value (F, Cursors (F).Value))) - and then ((if - Well_Formed (Cursors (F_Destination_Port)) - then - (Valid (Cursors (F_Source_Port)) - and then Cursors (F_Destination_Port).Predecessor = F_Source_Port)) - and then (if - Well_Formed (Cursors (F_Data_Offset)) - then - (Valid (Cursors (F_Destination_Port)) - and then Cursors (F_Data_Offset).Predecessor = F_Destination_Port)) - and then (if - Well_Formed (Cursors (F_CCVal)) - then - (Valid (Cursors (F_Data_Offset)) - and then Cursors (F_CCVal).Predecessor = F_Data_Offset)) - and then (if - Well_Formed (Cursors (F_CsCov)) - then - (Valid (Cursors (F_CCVal)) - and then Cursors (F_CsCov).Predecessor = F_CCVal)) - and then (if - Well_Formed (Cursors (F_Checksum)) - then - (Valid (Cursors (F_CsCov)) - and then Cursors (F_Checksum).Predecessor = F_CsCov)) - and then (if - Well_Formed (Cursors (F_Res_3)) - then - (Valid (Cursors (F_Checksum)) - and then Cursors (F_Res_3).Predecessor = F_Checksum)) - and then (if - Well_Formed (Cursors (F_Packet_Type)) - then - (Valid (Cursors (F_Res_3)) - and then Cursors (F_Packet_Type).Predecessor = F_Res_3)) - and then (if - Well_Formed (Cursors (F_X)) - then - (Valid (Cursors (F_Packet_Type)) - and then Cursors (F_X).Predecessor = F_Packet_Type)) - and then (if - Well_Formed (Cursors (F_Res_8)) - then - (Valid (Cursors (F_X)) - and then Cursors (F_Res_8).Predecessor = F_X - and then RFLX_Types.Base_Integer (Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)))) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Short)) - then - (Valid (Cursors (F_X)) - and then Cursors (F_Sequence_Number_Short).Predecessor = F_X - and then RFLX_Types.Base_Integer (Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)))) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Long)) - then - (Valid (Cursors (F_Res_8)) - and then Cursors (F_Sequence_Number_Long).Predecessor = F_Res_8)) - and then (if - Well_Formed (Cursors (F_Ack_Reserved_Short)) - then - (Valid (Cursors (F_Sequence_Number_Short)) - and then Cursors (F_Ack_Reserved_Short).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))))) - and then (if - Well_Formed (Cursors (F_Ack_Reserved_Long)) - then - (Valid (Cursors (F_Sequence_Number_Long)) - and then Cursors (F_Ack_Reserved_Long).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))))) - and then (if - Well_Formed (Cursors (F_Ack_Number_Short)) - then - (Valid (Cursors (F_Ack_Reserved_Short)) - and then Cursors (F_Ack_Number_Short).Predecessor = F_Ack_Reserved_Short)) - and then (if - Well_Formed (Cursors (F_Ack_Number_Long)) - then - (Valid (Cursors (F_Ack_Reserved_Long)) - and then Cursors (F_Ack_Number_Long).Predecessor = F_Ack_Reserved_Long)) - and then (if - Well_Formed (Cursors (F_Reset_Code)) - then - (Valid (Cursors (F_Ack_Number_Long)) - and then Cursors (F_Reset_Code).Predecessor = F_Ack_Number_Long - and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)))) - and then (if - Well_Formed (Cursors (F_Service_Code)) - then - (Valid (Cursors (F_Ack_Number_Long)) - and then Cursors (F_Service_Code).Predecessor = F_Ack_Number_Long - and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE))) - or (Valid (Cursors (F_Sequence_Number_Long)) - and then Cursors (F_Service_Code).Predecessor = F_Sequence_Number_Long - and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)))) - and then (if - Well_Formed (Cursors (F_Data_1)) - then - (Valid (Cursors (F_Reset_Code)) - and then Cursors (F_Data_1).Predecessor = F_Reset_Code)) - and then (if - Well_Formed (Cursors (F_Data_2)) - then - (Valid (Cursors (F_Data_1)) - and then Cursors (F_Data_2).Predecessor = F_Data_1)) - and then (if - Well_Formed (Cursors (F_Data_3)) - then - (Valid (Cursors (F_Data_2)) - and then Cursors (F_Data_3).Predecessor = F_Data_2)) - and then (if - Well_Formed (Cursors (F_Options)) - then - (Valid (Cursors (F_Ack_Number_Long)) - and then Cursors (F_Options).Predecessor = F_Ack_Number_Long - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Ack_Number_Short)) - and then Cursors (F_Options).Predecessor = F_Ack_Number_Short - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Data_3)) - and then Cursors (F_Options).Predecessor = F_Data_3 - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1) - or (Valid (Cursors (F_Sequence_Number_Long)) - and then Cursors (F_Options).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Sequence_Number_Short)) - and then Cursors (F_Options).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Service_Code)) - and then Cursors (F_Options).Predecessor = F_Service_Code - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1)) - and then (if - Well_Formed (Cursors (F_Data)) - then - (Valid (Cursors (F_Ack_Number_Long)) - and then Cursors (F_Data).Predecessor = F_Ack_Number_Long - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Ack_Number_Short)) - and then Cursors (F_Data).Predecessor = F_Ack_Number_Short - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Data_3)) - and then Cursors (F_Data).Predecessor = F_Data_3 - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1) - or (Well_Formed (Cursors (F_Options)) - and then Cursors (F_Data).Predecessor = F_Options) - or (Valid (Cursors (F_Sequence_Number_Long)) - and then Cursors (F_Data).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Sequence_Number_Short)) - and then Cursors (F_Data).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) - or (Valid (Cursors (F_Service_Code)) - and then Cursors (F_Data).Predecessor = F_Service_Code - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1))) - and then ((if Invalid (Cursors (F_Source_Port)) then Invalid (Cursors (F_Destination_Port))) - and then (if Invalid (Cursors (F_Destination_Port)) then Invalid (Cursors (F_Data_Offset))) - and then (if Invalid (Cursors (F_Data_Offset)) then Invalid (Cursors (F_CCVal))) - and then (if Invalid (Cursors (F_CCVal)) then Invalid (Cursors (F_CsCov))) - and then (if Invalid (Cursors (F_CsCov)) then Invalid (Cursors (F_Checksum))) - and then (if Invalid (Cursors (F_Checksum)) then Invalid (Cursors (F_Res_3))) - and then (if Invalid (Cursors (F_Res_3)) then Invalid (Cursors (F_Packet_Type))) - and then (if Invalid (Cursors (F_Packet_Type)) then Invalid (Cursors (F_X))) - and then (if Invalid (Cursors (F_X)) then Invalid (Cursors (F_Res_8))) - and then (if Invalid (Cursors (F_X)) then Invalid (Cursors (F_Sequence_Number_Short))) - and then (if Invalid (Cursors (F_Res_8)) then Invalid (Cursors (F_Sequence_Number_Long))) - and then (if Invalid (Cursors (F_Sequence_Number_Short)) then Invalid (Cursors (F_Ack_Reserved_Short))) - and then (if Invalid (Cursors (F_Sequence_Number_Long)) then Invalid (Cursors (F_Ack_Reserved_Long))) - and then (if Invalid (Cursors (F_Ack_Reserved_Short)) then Invalid (Cursors (F_Ack_Number_Short))) - and then (if Invalid (Cursors (F_Ack_Reserved_Long)) then Invalid (Cursors (F_Ack_Number_Long))) - and then (if Invalid (Cursors (F_Ack_Number_Long)) then Invalid (Cursors (F_Reset_Code))) - and then (if - Invalid (Cursors (F_Ack_Number_Long)) - and then Invalid (Cursors (F_Sequence_Number_Long)) - then - Invalid (Cursors (F_Service_Code))) - and then (if Invalid (Cursors (F_Reset_Code)) then Invalid (Cursors (F_Data_1))) - and then (if Invalid (Cursors (F_Data_1)) then Invalid (Cursors (F_Data_2))) - and then (if Invalid (Cursors (F_Data_2)) then Invalid (Cursors (F_Data_3))) - and then (if - Invalid (Cursors (F_Ack_Number_Long)) - and then Invalid (Cursors (F_Ack_Number_Short)) - and then Invalid (Cursors (F_Data_3)) - and then Invalid (Cursors (F_Sequence_Number_Long)) - and then Invalid (Cursors (F_Sequence_Number_Short)) - and then Invalid (Cursors (F_Service_Code)) - then - Invalid (Cursors (F_Options))) - and then (if - Invalid (Cursors (F_Ack_Number_Long)) - and then Invalid (Cursors (F_Ack_Number_Short)) - and then Invalid (Cursors (F_Data_3)) - and then Invalid (Cursors (F_Options)) - and then Invalid (Cursors (F_Sequence_Number_Long)) - and then Invalid (Cursors (F_Sequence_Number_Short)) - and then Invalid (Cursors (F_Service_Code)) - then - Invalid (Cursors (F_Data)))) - and then ((if - Well_Formed (Cursors (F_Source_Port)) - then - (Cursors (F_Source_Port).Last - Cursors (F_Source_Port).First + 1 = 16 - and then Cursors (F_Source_Port).Predecessor = F_Initial - and then Cursors (F_Source_Port).First = First)) - and then (if - Well_Formed (Cursors (F_Destination_Port)) - then - (Cursors (F_Destination_Port).Last - Cursors (F_Destination_Port).First + 1 = 16 - and then Cursors (F_Destination_Port).Predecessor = F_Source_Port - and then Cursors (F_Destination_Port).First = Cursors (F_Source_Port).Last + 1)) - and then (if - Well_Formed (Cursors (F_Data_Offset)) - then - (Cursors (F_Data_Offset).Last - Cursors (F_Data_Offset).First + 1 = 8 - and then Cursors (F_Data_Offset).Predecessor = F_Destination_Port - and then Cursors (F_Data_Offset).First = Cursors (F_Destination_Port).Last + 1)) - and then (if - Well_Formed (Cursors (F_CCVal)) - then - (Cursors (F_CCVal).Last - Cursors (F_CCVal).First + 1 = 4 - and then Cursors (F_CCVal).Predecessor = F_Data_Offset - and then Cursors (F_CCVal).First = Cursors (F_Data_Offset).Last + 1)) - and then (if - Well_Formed (Cursors (F_CsCov)) - then - (Cursors (F_CsCov).Last - Cursors (F_CsCov).First + 1 = 4 - and then Cursors (F_CsCov).Predecessor = F_CCVal - and then Cursors (F_CsCov).First = Cursors (F_CCVal).Last + 1)) - and then (if - Well_Formed (Cursors (F_Checksum)) - then - (Cursors (F_Checksum).Last - Cursors (F_Checksum).First + 1 = 16 - and then Cursors (F_Checksum).Predecessor = F_CsCov - and then Cursors (F_Checksum).First = Cursors (F_CsCov).Last + 1)) - and then (if - Well_Formed (Cursors (F_Res_3)) - then - (Cursors (F_Res_3).Last - Cursors (F_Res_3).First + 1 = 3 - and then Cursors (F_Res_3).Predecessor = F_Checksum - and then Cursors (F_Res_3).First = Cursors (F_Checksum).Last + 1)) - and then (if - Well_Formed (Cursors (F_Packet_Type)) - then - (Cursors (F_Packet_Type).Last - Cursors (F_Packet_Type).First + 1 = 4 - and then Cursors (F_Packet_Type).Predecessor = F_Res_3 - and then Cursors (F_Packet_Type).First = Cursors (F_Res_3).Last + 1)) - and then (if - Well_Formed (Cursors (F_X)) - then - (Cursors (F_X).Last - Cursors (F_X).First + 1 = 1 - and then Cursors (F_X).Predecessor = F_Packet_Type - and then Cursors (F_X).First = Cursors (F_Packet_Type).Last + 1)) - and then (if - Well_Formed (Cursors (F_Res_8)) - then - (Cursors (F_Res_8).Last - Cursors (F_Res_8).First + 1 = 8 - and then Cursors (F_Res_8).Predecessor = F_X - and then Cursors (F_Res_8).First = Cursors (F_X).Last + 1)) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Short)) - then - (Cursors (F_Sequence_Number_Short).Last - Cursors (F_Sequence_Number_Short).First + 1 = 24 - and then Cursors (F_Sequence_Number_Short).Predecessor = F_X - and then Cursors (F_Sequence_Number_Short).First = Cursors (F_X).Last + 1)) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Long)) - then - (Cursors (F_Sequence_Number_Long).Last - Cursors (F_Sequence_Number_Long).First + 1 = 48 - and then Cursors (F_Sequence_Number_Long).Predecessor = F_Res_8 - and then Cursors (F_Sequence_Number_Long).First = Cursors (F_Res_8).Last + 1)) - and then (if - Well_Formed (Cursors (F_Ack_Reserved_Short)) - then - (Cursors (F_Ack_Reserved_Short).Last - Cursors (F_Ack_Reserved_Short).First + 1 = 8 - and then Cursors (F_Ack_Reserved_Short).Predecessor = F_Sequence_Number_Short - and then Cursors (F_Ack_Reserved_Short).First = Cursors (F_Sequence_Number_Short).Last + 1)) - and then (if - Well_Formed (Cursors (F_Ack_Reserved_Long)) - then - (Cursors (F_Ack_Reserved_Long).Last - Cursors (F_Ack_Reserved_Long).First + 1 = 16 - and then Cursors (F_Ack_Reserved_Long).Predecessor = F_Sequence_Number_Long - and then Cursors (F_Ack_Reserved_Long).First = Cursors (F_Sequence_Number_Long).Last + 1)) - and then (if - Well_Formed (Cursors (F_Ack_Number_Short)) - then - (Cursors (F_Ack_Number_Short).Last - Cursors (F_Ack_Number_Short).First + 1 = 24 - and then Cursors (F_Ack_Number_Short).Predecessor = F_Ack_Reserved_Short - and then Cursors (F_Ack_Number_Short).First = Cursors (F_Ack_Reserved_Short).Last + 1)) - and then (if - Well_Formed (Cursors (F_Ack_Number_Long)) - then - (Cursors (F_Ack_Number_Long).Last - Cursors (F_Ack_Number_Long).First + 1 = 48 - and then Cursors (F_Ack_Number_Long).Predecessor = F_Ack_Reserved_Long - and then Cursors (F_Ack_Number_Long).First = Cursors (F_Ack_Reserved_Long).Last + 1)) - and then (if - Well_Formed (Cursors (F_Reset_Code)) - then - (Cursors (F_Reset_Code).Last - Cursors (F_Reset_Code).First + 1 = 8 - and then Cursors (F_Reset_Code).Predecessor = F_Ack_Number_Long - and then Cursors (F_Reset_Code).First = Cursors (F_Ack_Number_Long).Last + 1)) - and then (if - Well_Formed (Cursors (F_Service_Code)) - then - (if - Well_Formed (Cursors (F_Ack_Number_Long)) - and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) - then - Cursors (F_Service_Code).Last - Cursors (F_Service_Code).First + 1 = 32 - and then Cursors (F_Service_Code).Predecessor = F_Ack_Number_Long - and then Cursors (F_Service_Code).First = Cursors (F_Ack_Number_Long).Last + 1) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Long)) - and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) - then - Cursors (F_Service_Code).Last - Cursors (F_Service_Code).First + 1 = 32 - and then Cursors (F_Service_Code).Predecessor = F_Sequence_Number_Long - and then Cursors (F_Service_Code).First = Cursors (F_Sequence_Number_Long).Last + 1)) - and then (if - Well_Formed (Cursors (F_Data_1)) - then - (Cursors (F_Data_1).Last - Cursors (F_Data_1).First + 1 = 8 - and then Cursors (F_Data_1).Predecessor = F_Reset_Code - and then Cursors (F_Data_1).First = Cursors (F_Reset_Code).Last + 1)) - and then (if - Well_Formed (Cursors (F_Data_2)) - then - (Cursors (F_Data_2).Last - Cursors (F_Data_2).First + 1 = 8 - and then Cursors (F_Data_2).Predecessor = F_Data_1 - and then Cursors (F_Data_2).First = Cursors (F_Data_1).Last + 1)) - and then (if - Well_Formed (Cursors (F_Data_3)) - then - (Cursors (F_Data_3).Last - Cursors (F_Data_3).First + 1 = 8 - and then Cursors (F_Data_3).Predecessor = F_Data_2 - and then Cursors (F_Data_3).First = Cursors (F_Data_2).Last + 1)) - and then (if - Well_Formed (Cursors (F_Options)) - then - (if - Well_Formed (Cursors (F_Ack_Number_Long)) - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Long).Last)) + RFLX_Types.Bit_Length (First) - 1) - and then Cursors (F_Options).Predecessor = F_Ack_Number_Long - and then Cursors (F_Options).First = Cursors (F_Ack_Number_Long).Last + 1) - and then (if - Well_Formed (Cursors (F_Ack_Number_Short)) - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Short).Last)) + RFLX_Types.Bit_Length (First) - 1) - and then Cursors (F_Options).Predecessor = F_Ack_Number_Short - and then Cursors (F_Options).First = Cursors (F_Ack_Number_Short).Last + 1) - and then (if - Well_Formed (Cursors (F_Data_3)) - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1 - then - Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Data_3).Last)) + RFLX_Types.Bit_Length (First) - 1) - and then Cursors (F_Options).Predecessor = F_Data_3 - and then Cursors (F_Options).First = Cursors (F_Data_3).Last + 1) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Long)) - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Long).Last)) + RFLX_Types.Bit_Length (First) - 1) - and then Cursors (F_Options).Predecessor = F_Sequence_Number_Long - and then Cursors (F_Options).First = Cursors (F_Sequence_Number_Long).Last + 1) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Short)) - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Short).Last)) + RFLX_Types.Bit_Length (First) - 1) - and then Cursors (F_Options).Predecessor = F_Sequence_Number_Short - and then Cursors (F_Options).First = Cursors (F_Sequence_Number_Short).Last + 1) - and then (if - Well_Formed (Cursors (F_Service_Code)) - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1 - then - Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Service_Code).Last)) + RFLX_Types.Bit_Length (First) - 1) - and then Cursors (F_Options).Predecessor = F_Service_Code - and then Cursors (F_Options).First = Cursors (F_Service_Code).Last + 1)) - and then (if - Well_Formed (Cursors (F_Data)) - then - (if - Well_Formed (Cursors (F_Ack_Number_Long)) - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Long).Last) - and then Cursors (F_Data).Predecessor = F_Ack_Number_Long - and then Cursors (F_Data).First = Cursors (F_Ack_Number_Long).Last + 1) - and then (if - Well_Formed (Cursors (F_Ack_Number_Short)) - and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Short).Last) - and then Cursors (F_Data).Predecessor = F_Ack_Number_Short - and then Cursors (F_Data).First = Cursors (F_Ack_Number_Short).Last + 1) - and then (if - Well_Formed (Cursors (F_Data_3)) - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1 - then - Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Data_3).Last) - and then Cursors (F_Data).Predecessor = F_Data_3 - and then Cursors (F_Data).First = Cursors (F_Data_3).Last + 1) - and then (if - Well_Formed (Cursors (F_Options)) - and then True - then - Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Options).Last) - and then Cursors (F_Data).Predecessor = F_Options - and then Cursors (F_Data).First = Cursors (F_Options).Last + 1) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Long)) - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Long).Last) - and then Cursors (F_Data).Predecessor = F_Sequence_Number_Long - and then Cursors (F_Data).First = Cursors (F_Sequence_Number_Long).Last + 1) - and then (if - Well_Formed (Cursors (F_Sequence_Number_Short)) - and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) - then - Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Short).Last) - and then Cursors (F_Data).Predecessor = F_Sequence_Number_Short - and then Cursors (F_Data).First = Cursors (F_Sequence_Number_Short).Last + 1) - and then (if - Well_Formed (Cursors (F_Service_Code)) - and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1 - then - Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Service_Code).Last) - and then Cursors (F_Data).Predecessor = F_Service_Code - and then Cursors (F_Data).First = Cursors (F_Service_Code).Last + 1)))) - with - Post => - True; - - pragma Warnings (On, """Buffer"" is not modified, could be of access constant type"); - - pragma Warnings (On, "postcondition does not mention function result"); - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is - record - Verified_Last : RFLX_Types.Bit_Length := First - 1; - Written_Last : RFLX_Types.Bit_Length := First - 1; - Buffer : RFLX_Types.Bytes_Ptr := null; - Cursors : Field_Cursors := (others => (State => S_Invalid, Predecessor => F_Final)); - end record with - Dynamic_Predicate => - Valid_Context (Context.Buffer_First, Context.Buffer_Last, Context.First, Context.Last, Context.Verified_Last, Context.Written_Last, Context.Buffer, Context.Cursors); - - function Initialized (Ctx : Context) return Boolean is - (Ctx.Verified_Last = Ctx.First - 1 - and then Valid_Next (Ctx, F_Source_Port) - and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Source_Port) rem RFLX_Types.Byte'Size = 1 - and then Available_Space (Ctx, F_Source_Port) = Ctx.Last - Ctx.First + 1 - and then (for all F in Field => - Invalid (Ctx, F))); - - function Has_Buffer (Ctx : Context) return Boolean is - (Ctx.Buffer /= null); - - function Buffer_Length (Ctx : Context) return RFLX_Types.Length is - (Ctx.Buffer'Length); - - function Size (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Verified_Last - Ctx.First + 1); - - function Byte_Size (Ctx : Context) return RFLX_Types.Length is - (RFLX_Types.To_Length (Size (Ctx))); - - function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Verified_Last); - - function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Written_Last); - - function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is - ((case Fld is - when F_Source_Port | F_Destination_Port => - RFLX.DCCP.Valid_Port_Type (Val), - when F_Data_Offset => - RFLX.DCCP.Valid_Data_Offset_Type (Val), - when F_CCVal => - RFLX.DCCP.Valid_CCVal_Type (Val), - when F_CsCov => - RFLX.DCCP.Valid_Checksum_Coverage_Type (Val), - when F_Checksum => - RFLX.DCCP.Valid_Checksum_Type (Val), - when F_Res_3 => - RFLX.DCCP.Valid_Reserved_3_Type (Val), - when F_Packet_Type => - RFLX.DCCP.Valid_Type_Field (Val), - when F_X => - RFLX.DCCP.Valid_Ext_Seq_Type (Val), - when F_Res_8 => - RFLX.DCCP.Valid_Reserved_8_Type (Val), - when F_Sequence_Number_Short => - RFLX.DCCP.Valid_Sequence_Number_Short_Type (Val), - when F_Sequence_Number_Long => - RFLX.DCCP.Valid_Sequence_Number_Long_Type (Val), - when F_Ack_Reserved_Short => - RFLX.DCCP.Valid_Reserved_8_Type (Val), - when F_Ack_Reserved_Long => - RFLX.DCCP.Valid_Reserved_16_Type (Val), - when F_Ack_Number_Short => - RFLX.DCCP.Valid_Ack_Number_Short_Type (Val), - when F_Ack_Number_Long => - RFLX.DCCP.Valid_Ack_Number_Long_Type (Val), - when F_Reset_Code => - RFLX.DCCP.Valid_Reset_Code_Type (Val), - when F_Service_Code => - RFLX.DCCP.Valid_Service_Code_Type (Val), - when F_Data_1 | F_Data_2 | F_Data_3 => - RFLX.DCCP.Valid_Data_Type (Val), - when F_Options | F_Data => - True)); - - function Path_Condition (Ctx : Context; Fld : Field) return Boolean is - ((case Ctx.Cursors (Fld).Predecessor is - when F_Initial | F_Source_Port | F_Destination_Port | F_Data_Offset | F_CCVal | F_CsCov | F_Checksum | F_Res_3 | F_Packet_Type | F_Res_8 | F_Ack_Reserved_Short | F_Ack_Reserved_Long | F_Reset_Code | F_Data_1 | F_Data_2 | F_Options | F_Data | F_Final => - True, - when F_X => - (case Fld is - when F_Res_8 => - RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)), - when F_Sequence_Number_Short => - RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)), - when others => - False), - when F_Sequence_Number_Short => - (case Fld is - when F_Ack_Reserved_Short => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), - when F_Data => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Options => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when others => - False), - when F_Sequence_Number_Long => - (case Fld is - when F_Ack_Reserved_Long => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), - when F_Data => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Options => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Service_Code => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), - when others => - False), - when F_Ack_Number_Short => - (case Fld is - when F_Data => - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Options => - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when others => - False), - when F_Ack_Number_Long => - (case Fld is - when F_Data => - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Options => - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Reset_Code => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)), - when F_Service_Code => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)), - when others => - False), - when F_Service_Code => - (case Fld is - when F_Data => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Options => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when others => - False), - when F_Data_3 => - (case Fld is - when F_Data => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Options => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when others => - False))); - - function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is - ((case Fld is - when F_Source_Port | F_Destination_Port | F_Data_Offset | F_CCVal | F_CsCov | F_Checksum | F_Res_3 | F_Packet_Type => - True, - when F_X => - Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) - or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)), - when F_Res_8 => - True, - when F_Sequence_Number_Short => - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))) - or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1) - or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1), - when F_Sequence_Number_Long => - (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))) - or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) - or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), - when F_Ack_Reserved_Short | F_Ack_Reserved_Long => - True, - when F_Ack_Number_Short => - ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1) - or ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1), - when F_Ack_Number_Long => - ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) - or ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)), - when F_Reset_Code => - True, - when F_Service_Code => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Data_1 | F_Data_2 => - True, - when F_Data_3 => - RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 - or RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1, - when F_Options | F_Data => - True)); - - function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is - ((case Fld is - when F_Source_Port | F_Destination_Port => - 16, - when F_Data_Offset => - 8, - when F_CCVal | F_CsCov => - 4, - when F_Checksum => - 16, - when F_Res_3 => - 3, - when F_Packet_Type => - 4, - when F_X => - 1, - when F_Res_8 => - 8, - when F_Sequence_Number_Short => - 24, - when F_Sequence_Number_Long => - 48, - when F_Ack_Reserved_Short => - 8, - when F_Ack_Reserved_Long => - 16, - when F_Ack_Number_Short => - 24, - when F_Ack_Number_Long => - 48, - when F_Reset_Code => - 8, - when F_Service_Code => - 32, - when F_Data_1 | F_Data_2 | F_Data_3 => - 8, - when F_Options => - (if - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Data_3 - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - elsif - Ctx.Cursors (Fld).Predecessor = F_Service_Code - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) - else - RFLX_Types.Unreachable), - when F_Data => - (if - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Data_3 - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Options - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Options).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - elsif - Ctx.Cursors (Fld).Predecessor = F_Service_Code - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - else - RFLX_Types.Unreachable))); - - function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index is - ((if Fld = F_Source_Port then Ctx.First else Ctx.Cursors (Ctx.Cursors (Fld).Predecessor).Last + 1)); - - function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is - (Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1); - - function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field is - ((case Fld is - when F_Initial => - F_Initial, - when others => - Ctx.Cursors (Fld).Predecessor)); - - function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean is - ((case Fld is - when F_Initial => - True, - when F_Source_Port => - Ctx.Cursors (Fld).Predecessor = F_Initial, - when F_Destination_Port => - (Valid (Ctx.Cursors (F_Source_Port)) - and Ctx.Cursors (Fld).Predecessor = F_Source_Port), - when F_Data_Offset => - (Valid (Ctx.Cursors (F_Destination_Port)) - and Ctx.Cursors (Fld).Predecessor = F_Destination_Port), - when F_CCVal => - (Valid (Ctx.Cursors (F_Data_Offset)) - and Ctx.Cursors (Fld).Predecessor = F_Data_Offset), - when F_CsCov => - (Valid (Ctx.Cursors (F_CCVal)) - and Ctx.Cursors (Fld).Predecessor = F_CCVal), - when F_Checksum => - (Valid (Ctx.Cursors (F_CsCov)) - and Ctx.Cursors (Fld).Predecessor = F_CsCov), - when F_Res_3 => - (Valid (Ctx.Cursors (F_Checksum)) - and Ctx.Cursors (Fld).Predecessor = F_Checksum), - when F_Packet_Type => - (Valid (Ctx.Cursors (F_Res_3)) - and Ctx.Cursors (Fld).Predecessor = F_Res_3), - when F_X => - (Valid (Ctx.Cursors (F_Packet_Type)) - and Ctx.Cursors (Fld).Predecessor = F_Packet_Type), - when F_Res_8 | F_Sequence_Number_Short => - (Valid (Ctx.Cursors (F_X)) - and Ctx.Cursors (Fld).Predecessor = F_X), - when F_Sequence_Number_Long => - (Valid (Ctx.Cursors (F_Res_8)) - and Ctx.Cursors (Fld).Predecessor = F_Res_8), - when F_Ack_Reserved_Short => - (Valid (Ctx.Cursors (F_Sequence_Number_Short)) - and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short), - when F_Ack_Reserved_Long => - (Valid (Ctx.Cursors (F_Sequence_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long), - when F_Ack_Number_Short => - (Valid (Ctx.Cursors (F_Ack_Reserved_Short)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Reserved_Short), - when F_Ack_Number_Long => - (Valid (Ctx.Cursors (F_Ack_Reserved_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Reserved_Long), - when F_Reset_Code => - (Valid (Ctx.Cursors (F_Ack_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long), - when F_Service_Code => - (Valid (Ctx.Cursors (F_Ack_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long) - or (Valid (Ctx.Cursors (F_Sequence_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long), - when F_Data_1 => - (Valid (Ctx.Cursors (F_Reset_Code)) - and Ctx.Cursors (Fld).Predecessor = F_Reset_Code), - when F_Data_2 => - (Valid (Ctx.Cursors (F_Data_1)) - and Ctx.Cursors (Fld).Predecessor = F_Data_1), - when F_Data_3 => - (Valid (Ctx.Cursors (F_Data_2)) - and Ctx.Cursors (Fld).Predecessor = F_Data_2), - when F_Options => - (Valid (Ctx.Cursors (F_Ack_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long) - or (Valid (Ctx.Cursors (F_Ack_Number_Short)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short) - or (Valid (Ctx.Cursors (F_Data_3)) - and Ctx.Cursors (Fld).Predecessor = F_Data_3) - or (Valid (Ctx.Cursors (F_Sequence_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long) - or (Valid (Ctx.Cursors (F_Sequence_Number_Short)) - and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short) - or (Valid (Ctx.Cursors (F_Service_Code)) - and Ctx.Cursors (Fld).Predecessor = F_Service_Code), - when F_Data => - (Valid (Ctx.Cursors (F_Ack_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long) - or (Valid (Ctx.Cursors (F_Ack_Number_Short)) - and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short) - or (Valid (Ctx.Cursors (F_Data_3)) - and Ctx.Cursors (Fld).Predecessor = F_Data_3) - or (Well_Formed (Ctx.Cursors (F_Options)) - and Ctx.Cursors (Fld).Predecessor = F_Options) - or (Valid (Ctx.Cursors (F_Sequence_Number_Long)) - and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long) - or (Valid (Ctx.Cursors (F_Sequence_Number_Short)) - and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short) - or (Valid (Ctx.Cursors (F_Service_Code)) - and Ctx.Cursors (Fld).Predecessor = F_Service_Code), - when F_Final => - (Well_Formed (Ctx.Cursors (F_Data)) - and Ctx.Cursors (Fld).Predecessor = F_Data))); - - function Valid_Next (Ctx : Context; Fld : Field) return Boolean is - (Valid_Predecessor (Ctx, Fld) - and then Path_Condition (Ctx, Fld)); - - function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is - (Ctx.Last - Field_First (Ctx, Fld) + 1); - - function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean is - (Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld)); - - function Present (Ctx : Context; Fld : Field) return Boolean is - (Well_Formed (Ctx.Cursors (Fld)) - and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); - - function Well_Formed (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Valid - or Ctx.Cursors (Fld).State = S_Well_Formed); - - function Valid (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Valid - and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); - - function Incomplete (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Incomplete); - - function Invalid (Ctx : Context; Fld : Field) return Boolean is - (Ctx.Cursors (Fld).State = S_Invalid - or Ctx.Cursors (Fld).State = S_Incomplete); - - function Well_Formed_Message (Ctx : Context) return Boolean is - (Well_Formed (Ctx, F_Data)); - - function Valid_Message (Ctx : Context) return Boolean is - (Valid (Ctx, F_Data)); - - function Incomplete_Message (Ctx : Context) return Boolean is - ((for some F in Field => - Incomplete (Ctx, F))); - - function Get_Source_Port (Ctx : Context) return RFLX.DCCP.Port_Type is - (To_Actual (Ctx.Cursors (F_Source_Port).Value)); - - function Get_Destination_Port (Ctx : Context) return RFLX.DCCP.Port_Type is - (To_Actual (Ctx.Cursors (F_Destination_Port).Value)); - - function Get_Data_Offset (Ctx : Context) return RFLX.DCCP.Data_Offset_Type is - (To_Actual (Ctx.Cursors (F_Data_Offset).Value)); - - function Get_CCVal (Ctx : Context) return RFLX.DCCP.CCVal_Type is - (To_Actual (Ctx.Cursors (F_CCVal).Value)); - - function Get_CsCov (Ctx : Context) return RFLX.DCCP.Checksum_Coverage_Type is - (To_Actual (Ctx.Cursors (F_CsCov).Value)); - - function Get_Checksum (Ctx : Context) return RFLX.DCCP.Checksum_Type is - (To_Actual (Ctx.Cursors (F_Checksum).Value)); - - function Get_Res_3 (Ctx : Context) return RFLX.DCCP.Reserved_3_Type is - (To_Actual (Ctx.Cursors (F_Res_3).Value)); - - function Get_Packet_Type (Ctx : Context) return RFLX.DCCP.Type_Field is - (To_Actual (Ctx.Cursors (F_Packet_Type).Value)); - - function Get_X (Ctx : Context) return RFLX.DCCP.Ext_Seq_Type is - (To_Actual (Ctx.Cursors (F_X).Value)); - - function Get_Res_8 (Ctx : Context) return RFLX.DCCP.Reserved_8_Type is - (To_Actual (Ctx.Cursors (F_Res_8).Value)); - - function Get_Sequence_Number_Short (Ctx : Context) return RFLX.DCCP.Sequence_Number_Short_Type is - (To_Actual (Ctx.Cursors (F_Sequence_Number_Short).Value)); - - function Get_Sequence_Number_Long (Ctx : Context) return RFLX.DCCP.Sequence_Number_Long_Type is - (To_Actual (Ctx.Cursors (F_Sequence_Number_Long).Value)); - - function Get_Ack_Reserved_Short (Ctx : Context) return RFLX.DCCP.Reserved_8_Type is - (To_Actual (Ctx.Cursors (F_Ack_Reserved_Short).Value)); - - function Get_Ack_Reserved_Long (Ctx : Context) return RFLX.DCCP.Reserved_16_Type is - (To_Actual (Ctx.Cursors (F_Ack_Reserved_Long).Value)); - - function Get_Ack_Number_Short (Ctx : Context) return RFLX.DCCP.Ack_Number_Short_Type is - (To_Actual (Ctx.Cursors (F_Ack_Number_Short).Value)); - - function Get_Ack_Number_Long (Ctx : Context) return RFLX.DCCP.Ack_Number_Long_Type is - (To_Actual (Ctx.Cursors (F_Ack_Number_Long).Value)); - - function Get_Reset_Code (Ctx : Context) return RFLX.DCCP.Reset_Code_Type is - (To_Actual (Ctx.Cursors (F_Reset_Code).Value)); - - function Get_Service_Code (Ctx : Context) return RFLX.DCCP.Service_Code_Type is - (To_Actual (Ctx.Cursors (F_Service_Code).Value)); - - function Get_Data_1 (Ctx : Context) return RFLX.DCCP.Data_Type is - (To_Actual (Ctx.Cursors (F_Data_1).Value)); - - function Get_Data_2 (Ctx : Context) return RFLX.DCCP.Data_Type is - (To_Actual (Ctx.Cursors (F_Data_2).Value)); - - function Get_Data_3 (Ctx : Context) return RFLX.DCCP.Data_Type is - (To_Actual (Ctx.Cursors (F_Data_3).Value)); - - function Valid_Size (Ctx : Context; Fld : Field; Size : RFLX_Types.Bit_Length) return Boolean is - ((if - Fld = F_Data - and then Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - Size <= Available_Space (Ctx, Fld) - elsif - Fld = F_Data - and then Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short - and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) - or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - Size <= Available_Space (Ctx, Fld) - elsif - Fld = F_Data - and then Ctx.Cursors (Fld).Predecessor = F_Data_3 - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - Size <= Available_Space (Ctx, Fld) - elsif - Fld = F_Data - and then Ctx.Cursors (Fld).Predecessor = F_Options - then - Size <= Available_Space (Ctx, Fld) - elsif - Fld = F_Data - and then Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - Size <= Available_Space (Ctx, Fld) - elsif - Fld = F_Data - and then Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short - and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) - and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) - then - Size <= Available_Space (Ctx, Fld) - elsif - Fld = F_Data - and then Ctx.Cursors (Fld).Predecessor = F_Service_Code - and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 - then - Size <= Available_Space (Ctx, Fld) - else - Size = Field_Size (Ctx, Fld))) - with - Pre => - RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); - - function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean is - (Valid_Size (Ctx, Fld, RFLX_Types.To_Bit_Length (Length))); - - function Complete_Options (Ctx : Context; Seq_Ctx : RFLX.DCCP.Options.Context) return Boolean is - (RFLX.DCCP.Options.Valid (Seq_Ctx) - and RFLX.DCCP.Options.Size (Seq_Ctx) = Field_Size (Ctx, F_Options)); - - function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor is - (Ctx.Cursors (Fld)); - - function Context_Cursors (Ctx : Context) return Field_Cursors is - (Ctx.Cursors); - - function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor is - (Cursors (Fld)); - -end RFLX.DCCP.Packet; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp.ads b/examples/apps/dccp/rflx/generated/rflx-dccp.ads deleted file mode 100644 index 311a2d95a..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-dccp.ads +++ /dev/null @@ -1,655 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma Warnings (Off, "redundant conversion"); -with RFLX.RFLX_Types; - -package RFLX.DCCP with - SPARK_Mode -is - - type Port_Type is range 0 .. 2**16 - 1 with - Size => - 16; - - use type RFLX.RFLX_Types.Base_Integer; - - function Valid_Port_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 65535); - - function To_Base_Integer (Val : RFLX.DCCP.Port_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Port_Type is - (RFLX.DCCP.Port_Type (Val)) - with - Pre => - Valid_Port_Type (Val); - - type Data_Offset_Type is range 3 .. 2**8 - 1 with - Size => - 8; - - function Valid_Data_Offset_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val >= 3 - and Val <= 255); - - function To_Base_Integer (Val : RFLX.DCCP.Data_Offset_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Data_Offset_Type is - (RFLX.DCCP.Data_Offset_Type (Val)) - with - Pre => - Valid_Data_Offset_Type (Val); - - type Checksum_Type is range 0 .. 2**16 - 1 with - Size => - 16; - - function Valid_Checksum_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 65535); - - function To_Base_Integer (Val : RFLX.DCCP.Checksum_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Checksum_Type is - (RFLX.DCCP.Checksum_Type (Val)) - with - Pre => - Valid_Checksum_Type (Val); - - type CCVal_Type is range 0 .. 2**4 - 1 with - Size => - 4; - - function Valid_CCVal_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 15); - - function To_Base_Integer (Val : RFLX.DCCP.CCVal_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.CCVal_Type is - (RFLX.DCCP.CCVal_Type (Val)) - with - Pre => - Valid_CCVal_Type (Val); - - type Checksum_Coverage_Type is range 0 .. 2**4 - 1 with - Size => - 4; - - function Valid_Checksum_Coverage_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 15); - - function To_Base_Integer (Val : RFLX.DCCP.Checksum_Coverage_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Checksum_Coverage_Type is - (RFLX.DCCP.Checksum_Coverage_Type (Val)) - with - Pre => - Valid_Checksum_Coverage_Type (Val); - - type Reserved_3_Type is range 0 .. 2**3 - 1 with - Size => - 3; - - function Valid_Reserved_3_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 7); - - function To_Base_Integer (Val : RFLX.DCCP.Reserved_3_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reserved_3_Type is - (RFLX.DCCP.Reserved_3_Type (Val)) - with - Pre => - Valid_Reserved_3_Type (Val); - - type Type_Field is (DCCP_REQUEST, DCCP_RESPONSE, DCCP_DATA, DCCP_ACK, DCCP_DATA_ACK, DCCP_CLOSEREQ, DCCP_CLOSE, DCCP_RESET, DCCP_SYNC, DCCP_SYNCACK) with - Size => - 4; - for Type_Field use (DCCP_REQUEST => 0, DCCP_RESPONSE => 1, DCCP_DATA => 2, DCCP_ACK => 3, DCCP_DATA_ACK => 4, DCCP_CLOSEREQ => 5, DCCP_CLOSE => 6, DCCP_RESET => 7, DCCP_SYNC => 8, DCCP_SYNCACK => 9); - - function Valid_Type_Field (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9); - - function To_Base_Integer (Enum : RFLX.DCCP.Type_Field) return RFLX.RFLX_Types.Base_Integer is - ((case Enum is - when DCCP_REQUEST => - 0, - when DCCP_RESPONSE => - 1, - when DCCP_DATA => - 2, - when DCCP_ACK => - 3, - when DCCP_DATA_ACK => - 4, - when DCCP_CLOSEREQ => - 5, - when DCCP_CLOSE => - 6, - when DCCP_RESET => - 7, - when DCCP_SYNC => - 8, - when DCCP_SYNCACK => - 9)); - - pragma Warnings (Off, "unreachable branch"); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Type_Field is - ((case Val is - when 0 => - DCCP_REQUEST, - when 1 => - DCCP_RESPONSE, - when 2 => - DCCP_DATA, - when 3 => - DCCP_ACK, - when 4 => - DCCP_DATA_ACK, - when 5 => - DCCP_CLOSEREQ, - when 6 => - DCCP_CLOSE, - when 7 => - DCCP_RESET, - when 8 => - DCCP_SYNC, - when 9 => - DCCP_SYNCACK, - when others => - RFLX.DCCP.Type_Field'Last)) - with - Pre => - Valid_Type_Field (Val); - - pragma Warnings (On, "unreachable branch"); - - type CsCov_Type is range 0 .. 2**4 - 1 with - Size => - 4; - - function Valid_CsCov_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 15); - - function To_Base_Integer (Val : RFLX.DCCP.CsCov_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.CsCov_Type is - (RFLX.DCCP.CsCov_Type (Val)) - with - Pre => - Valid_CsCov_Type (Val); - - type Ext_Seq_Type is (NOT_EXTENDED, EXTENDED) with - Size => - 1; - for Ext_Seq_Type use (NOT_EXTENDED => 0, EXTENDED => 1); - - function Valid_Ext_Seq_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val in 1 | 0); - - function To_Base_Integer (Enum : RFLX.DCCP.Ext_Seq_Type) return RFLX.RFLX_Types.Base_Integer is - ((case Enum is - when EXTENDED => - 1, - when NOT_EXTENDED => - 0)); - - pragma Warnings (Off, "unreachable branch"); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Ext_Seq_Type is - ((case Val is - when 1 => - EXTENDED, - when 0 => - NOT_EXTENDED, - when others => - RFLX.DCCP.Ext_Seq_Type'Last)) - with - Pre => - Valid_Ext_Seq_Type (Val); - - pragma Warnings (On, "unreachable branch"); - - type Sequence_Number_Long_Type is range 0 .. 2**48 - 1 with - Size => - 48; - - function Valid_Sequence_Number_Long_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 281474976710655); - - function To_Base_Integer (Val : RFLX.DCCP.Sequence_Number_Long_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Sequence_Number_Long_Type is - (RFLX.DCCP.Sequence_Number_Long_Type (Val)) - with - Pre => - Valid_Sequence_Number_Long_Type (Val); - - type Sequence_Number_Short_Type is range 0 .. 2**24 - 1 with - Size => - 24; - - function Valid_Sequence_Number_Short_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 16777215); - - function To_Base_Integer (Val : RFLX.DCCP.Sequence_Number_Short_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Sequence_Number_Short_Type is - (RFLX.DCCP.Sequence_Number_Short_Type (Val)) - with - Pre => - Valid_Sequence_Number_Short_Type (Val); - - type Reserved_8_Type is range 0 .. 2**8 - 1 with - Size => - 8; - - function Valid_Reserved_8_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 255); - - function To_Base_Integer (Val : RFLX.DCCP.Reserved_8_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reserved_8_Type is - (RFLX.DCCP.Reserved_8_Type (Val)) - with - Pre => - Valid_Reserved_8_Type (Val); - - type Reserved_16_Type is range 0 .. 2**16 - 1 with - Size => - 16; - - function Valid_Reserved_16_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 65535); - - function To_Base_Integer (Val : RFLX.DCCP.Reserved_16_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reserved_16_Type is - (RFLX.DCCP.Reserved_16_Type (Val)) - with - Pre => - Valid_Reserved_16_Type (Val); - - type Ack_Number_Long_Type is range 0 .. 2**48 - 1 with - Size => - 48; - - function Valid_Ack_Number_Long_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 281474976710655); - - function To_Base_Integer (Val : RFLX.DCCP.Ack_Number_Long_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Ack_Number_Long_Type is - (RFLX.DCCP.Ack_Number_Long_Type (Val)) - with - Pre => - Valid_Ack_Number_Long_Type (Val); - - type Ack_Number_Short_Type is range 0 .. 2**24 - 1 with - Size => - 24; - - function Valid_Ack_Number_Short_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 16777215); - - function To_Base_Integer (Val : RFLX.DCCP.Ack_Number_Short_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Ack_Number_Short_Type is - (RFLX.DCCP.Ack_Number_Short_Type (Val)) - with - Pre => - Valid_Ack_Number_Short_Type (Val); - - type Service_Code_Type is range 0 .. 2**32 - 1 with - Size => - 32; - - function Valid_Service_Code_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 4294967295); - - function To_Base_Integer (Val : RFLX.DCCP.Service_Code_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Service_Code_Type is - (RFLX.DCCP.Service_Code_Type (Val)) - with - Pre => - Valid_Service_Code_Type (Val); - - type Reset_Code_Type is (UNSPECIFIED, CLOSED, ABORTED, NO_CONNECTION, PACKET_ERROR, OPTION_ERROR, MANDATORY_ERROR, CONNECTION_REFUSED, BAD_SERVICE_CODE, TOO_BUSY, BAD_INIT_COOKIE, AGGRESSION_PENALTY) with - Size => - 8; - for Reset_Code_Type use (UNSPECIFIED => 0, CLOSED => 1, ABORTED => 2, NO_CONNECTION => 3, PACKET_ERROR => 4, OPTION_ERROR => 5, MANDATORY_ERROR => 6, CONNECTION_REFUSED => 7, BAD_SERVICE_CODE => 8, TOO_BUSY => 9, BAD_INIT_COOKIE => 10, AGGRESSION_PENALTY => 11); - - function Valid_Reset_Code_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11); - - function To_Base_Integer (Enum : RFLX.DCCP.Reset_Code_Type) return RFLX.RFLX_Types.Base_Integer is - ((case Enum is - when UNSPECIFIED => - 0, - when CLOSED => - 1, - when ABORTED => - 2, - when NO_CONNECTION => - 3, - when PACKET_ERROR => - 4, - when OPTION_ERROR => - 5, - when MANDATORY_ERROR => - 6, - when CONNECTION_REFUSED => - 7, - when BAD_SERVICE_CODE => - 8, - when TOO_BUSY => - 9, - when BAD_INIT_COOKIE => - 10, - when AGGRESSION_PENALTY => - 11)); - - pragma Warnings (Off, "unreachable branch"); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reset_Code_Type is - ((case Val is - when 0 => - UNSPECIFIED, - when 1 => - CLOSED, - when 2 => - ABORTED, - when 3 => - NO_CONNECTION, - when 4 => - PACKET_ERROR, - when 5 => - OPTION_ERROR, - when 6 => - MANDATORY_ERROR, - when 7 => - CONNECTION_REFUSED, - when 8 => - BAD_SERVICE_CODE, - when 9 => - TOO_BUSY, - when 10 => - BAD_INIT_COOKIE, - when 11 => - AGGRESSION_PENALTY, - when others => - RFLX.DCCP.Reset_Code_Type'Last)) - with - Pre => - Valid_Reset_Code_Type (Val); - - pragma Warnings (On, "unreachable branch"); - - type Data_Type is range 0 .. 2**8 - 1 with - Size => - 8; - - function Valid_Data_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 255); - - function To_Base_Integer (Val : RFLX.DCCP.Data_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Data_Type is - (RFLX.DCCP.Data_Type (Val)) - with - Pre => - Valid_Data_Type (Val); - - type Opt_Type is (PADDING, MANDATORY, SLOW_RECEIVER, CHANGE_L, CONFIRM_L, CHANGE_R, CONFIRM_R, INIT_COOKIE, NDP_COUNT, ACK_VECTOR_0, ACK_VECTOR_1, DATA_DROPPED, TIMESTAMP, TIMESTAMP_ECHO, ELAPSED_TIME, DATA_CHECKSUM, CCID3_LOSS_EVT_RATE, CCID3_RCV_RATE) with - Size => - 8; - for Opt_Type use (PADDING => 0, MANDATORY => 1, SLOW_RECEIVER => 2, CHANGE_L => 32, CONFIRM_L => 33, CHANGE_R => 34, CONFIRM_R => 35, INIT_COOKIE => 36, NDP_COUNT => 37, ACK_VECTOR_0 => 38, ACK_VECTOR_1 => 39, DATA_DROPPED => 40, TIMESTAMP => 41, TIMESTAMP_ECHO => 42, ELAPSED_TIME => 43, DATA_CHECKSUM => 44, CCID3_LOSS_EVT_RATE => 192, CCID3_RCV_RATE => 194); - - function Valid_Opt_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val in 0 | 1 | 2 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 192 | 194); - - function To_Base_Integer (Enum : RFLX.DCCP.Opt_Type) return RFLX.RFLX_Types.Base_Integer is - ((case Enum is - when PADDING => - 0, - when MANDATORY => - 1, - when SLOW_RECEIVER => - 2, - when CHANGE_L => - 32, - when CONFIRM_L => - 33, - when CHANGE_R => - 34, - when CONFIRM_R => - 35, - when INIT_COOKIE => - 36, - when NDP_COUNT => - 37, - when ACK_VECTOR_0 => - 38, - when ACK_VECTOR_1 => - 39, - when DATA_DROPPED => - 40, - when TIMESTAMP => - 41, - when TIMESTAMP_ECHO => - 42, - when ELAPSED_TIME => - 43, - when DATA_CHECKSUM => - 44, - when CCID3_LOSS_EVT_RATE => - 192, - when CCID3_RCV_RATE => - 194)); - - pragma Warnings (Off, "unreachable branch"); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Opt_Type is - ((case Val is - when 0 => - PADDING, - when 1 => - MANDATORY, - when 2 => - SLOW_RECEIVER, - when 32 => - CHANGE_L, - when 33 => - CONFIRM_L, - when 34 => - CHANGE_R, - when 35 => - CONFIRM_R, - when 36 => - INIT_COOKIE, - when 37 => - NDP_COUNT, - when 38 => - ACK_VECTOR_0, - when 39 => - ACK_VECTOR_1, - when 40 => - DATA_DROPPED, - when 41 => - TIMESTAMP, - when 42 => - TIMESTAMP_ECHO, - when 43 => - ELAPSED_TIME, - when 44 => - DATA_CHECKSUM, - when 192 => - CCID3_LOSS_EVT_RATE, - when 194 => - CCID3_RCV_RATE, - when others => - RFLX.DCCP.Opt_Type'Last)) - with - Pre => - Valid_Opt_Type (Val); - - pragma Warnings (On, "unreachable branch"); - - type Option_Length_Type is range 0 .. 2**8 - 1 with - Size => - 8; - - function Valid_Option_Length_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 255); - - function To_Base_Integer (Val : RFLX.DCCP.Option_Length_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Option_Length_Type is - (RFLX.DCCP.Option_Length_Type (Val)) - with - Pre => - Valid_Option_Length_Type (Val); - - type Option_Feature_Type is (FEATURE_RESERVED, CCID, ALLOW_SHORT_SEQNOS, SEQUENCE_WINDOW, ECN_INCAPABLE, ACK_RATIO, SEND_ACK_VECTOR, SEND_NDP_COUNT, MINIMUM_CHECKSUM_COVERAGE, CHECK_DATA_CHECKSUM) with - Size => - 8; - for Option_Feature_Type use (FEATURE_RESERVED => 0, CCID => 1, ALLOW_SHORT_SEQNOS => 2, SEQUENCE_WINDOW => 3, ECN_INCAPABLE => 4, ACK_RATIO => 5, SEND_ACK_VECTOR => 6, SEND_NDP_COUNT => 7, MINIMUM_CHECKSUM_COVERAGE => 8, CHECK_DATA_CHECKSUM => 9); - - function Valid_Option_Feature_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9); - - function To_Base_Integer (Enum : RFLX.DCCP.Option_Feature_Type) return RFLX.RFLX_Types.Base_Integer is - ((case Enum is - when FEATURE_RESERVED => - 0, - when CCID => - 1, - when ALLOW_SHORT_SEQNOS => - 2, - when SEQUENCE_WINDOW => - 3, - when ECN_INCAPABLE => - 4, - when ACK_RATIO => - 5, - when SEND_ACK_VECTOR => - 6, - when SEND_NDP_COUNT => - 7, - when MINIMUM_CHECKSUM_COVERAGE => - 8, - when CHECK_DATA_CHECKSUM => - 9)); - - pragma Warnings (Off, "unreachable branch"); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Option_Feature_Type is - ((case Val is - when 0 => - FEATURE_RESERVED, - when 1 => - CCID, - when 2 => - ALLOW_SHORT_SEQNOS, - when 3 => - SEQUENCE_WINDOW, - when 4 => - ECN_INCAPABLE, - when 5 => - ACK_RATIO, - when 6 => - SEND_ACK_VECTOR, - when 7 => - SEND_NDP_COUNT, - when 8 => - MINIMUM_CHECKSUM_COVERAGE, - when 9 => - CHECK_DATA_CHECKSUM, - when others => - RFLX.DCCP.Option_Feature_Type'Last)) - with - Pre => - Valid_Option_Feature_Type (Val); - - pragma Warnings (On, "unreachable branch"); - - type Receive_Rate_Type is range 0 .. 2**32 - 1 with - Size => - 32; - - function Valid_Receive_Rate_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 4294967295); - - function To_Base_Integer (Val : RFLX.DCCP.Receive_Rate_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Receive_Rate_Type is - (RFLX.DCCP.Receive_Rate_Type (Val)) - with - Pre => - Valid_Receive_Rate_Type (Val); - - type Loss_Rate_Type is range 0 .. 2**32 - 1 with - Size => - 32; - - function Valid_Loss_Rate_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 4294967295); - - function To_Base_Integer (Val : RFLX.DCCP.Loss_Rate_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Loss_Rate_Type is - (RFLX.DCCP.Loss_Rate_Type (Val)) - with - Pre => - Valid_Loss_Rate_Type (Val); - - type Timestamp_Option_Type is range 0 .. 2**32 - 1 with - Size => - 32; - - function Valid_Timestamp_Option_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 4294967295); - - function To_Base_Integer (Val : RFLX.DCCP.Timestamp_Option_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Timestamp_Option_Type is - (RFLX.DCCP.Timestamp_Option_Type (Val)) - with - Pre => - Valid_Timestamp_Option_Type (Val); - - type Timestamp_Echo_Option_Type is range 0 .. 2**32 - 1 with - Size => - 32; - - function Valid_Timestamp_Echo_Option_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is - (Val <= 4294967295); - - function To_Base_Integer (Val : RFLX.DCCP.Timestamp_Echo_Option_Type) return RFLX.RFLX_Types.Base_Integer is - (RFLX.RFLX_Types.Base_Integer (Val)); - - function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Timestamp_Echo_Option_Type is - (RFLX.DCCP.Timestamp_Echo_Option_Type (Val)) - with - Pre => - Valid_Timestamp_Echo_Option_Type (Val); - -end RFLX.DCCP; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.adb deleted file mode 100644 index 8aff82dc5..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.adb +++ /dev/null @@ -1,77 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -package body RFLX.RFLX_Arithmetic with - SPARK_Mode -is - - function Shift_Left (Value : U64; Amount : Natural) return U64 with - Import, - Convention => Intrinsic, - Global => null; - - function Shift_Right (Value : U64; Amount : Natural) return U64 with - Import, - Convention => Intrinsic, - Global => null; - - function Shift_Add (V : U64; - Data : U64; - Amount : Natural; - Bits : Natural) return U64 - is - pragma Unreferenced (Bits); - begin - return Shift_Left (V, Amount) + Data; - end Shift_Add; - - function Right_Shift (V : U64; Amount : Natural; Size : Natural) return U64 - is - pragma Unreferenced (Size); - begin - return Shift_Right (V, Amount); - end Right_Shift; - - function Left_Shift (V : U64; Amount : Natural; Size : Natural) return U64 - is - pragma Unreferenced (Size); - Result : constant U64 := Shift_Left (V, Amount); - begin - return Result; - end Left_Shift; - - function Mask_Lower (V : U64; Mask, Bits : Natural) return U64 - is - Result : constant U64 := Shift_Left (Shift_Right (V, Mask), Mask); - begin - pragma Assert - (if Bits < U64'Size then Result <= 2 ** Bits - 2 ** Mask - elsif Mask < U64'Size then Result <= U64'Last - 2 ** Mask + 1); - return Result; - end Mask_Lower; - - function Mask_Upper (V : U64; Mask : Natural) return U64 - is - begin - return V and (2 ** Mask - 1); - end Mask_Upper; - - function Add (A : U64; B : U64; Total_Bits, Lower_Bits : Natural) return U64 - is - pragma Unreferenced (Total_Bits, Lower_Bits); - begin - return A + B; - end Add; - - procedure Lemma_Size (Val : Base_Integer; Size : Positive) is - begin - if Size < Base_Integer'Size then - pragma Assert (Val < 2 ** Size); - pragma Assert (U64 (Val) < 2 ** Size); - pragma Assert (Fits_Into (U64 (Val), Size)); - else - pragma Assert (Size = 63); - pragma Assert (Fits_Into (U64 (Val), Size)); - end if; - end Lemma_Size; - -end RFLX.RFLX_Arithmetic; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.ads deleted file mode 100644 index 2bdf8ceb1..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.ads +++ /dev/null @@ -1,98 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -package RFLX.RFLX_Arithmetic with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - type U64 is mod 2**64 with - Annotate => (GNATprove, No_Wrap_Around); - - type Base_Integer is range 0 .. 2 ** 63 - 1; - - -- Express that V contains at most Bits non-zero bits, in the least - -- significant part (the rest is zero). - pragma Warnings (Off, "postcondition does not mention function result"); - function Fits_Into (V : U64; Bits : Natural) return Boolean - is (if Bits < U64'Size then V < 2 ** Bits) - with Post => True; - - function Fits_Into (V : Base_Integer; Bits : Natural) return Boolean - is (if Bits < Base_Integer'Size then V < 2 ** Bits) - with Post => True; - - -- Express that V contains (U64'Size - Bits) leading zero bits, then (Bits - - -- Lower) bits of data, then Lower bits of zeros. - -- |- (U64'Size - bits) -|- (Bits-Lower) -|- Lower -| - -- |000000000000000000000|xxxxxxxxxxxxxxxx|000000000| - function Fits_Into_Upper (V : U64; Bits, Lower : Natural) return Boolean - is (if Bits < U64'Size then V <= 2 ** Bits - 2 ** Lower - elsif Lower > 0 and then Lower < U64'Size then V <= U64'Last - 2 ** Lower + 1) - with Pre => Bits <= U64'Size and then Lower <= Bits, - Post => True; - pragma Warnings (On, "postcondition does not mention function result"); - - -- V is assumed to contain Bits bits of data. Add the Amount bits contained - -- in Data by shifting V to the left and adding Data. The result contains - -- (Bits + Amount) bits of data. - function Shift_Add (V : U64; - Data : U64; - Amount : Natural; - Bits : Natural) return U64 - with Pre => - Bits < U64'Size - and then Amount < U64'Size - and then Fits_Into (V, Bits) - and then U64'Size - Amount >= Bits - and then Fits_Into (Data, Amount), - Post => Fits_Into (Shift_Add'Result, Bits + Amount); - - -- Wrapper of Shift_Right that expresses the operation in terms of - -- Fits_Into. - function Right_Shift (V : U64; Amount : Natural; Size : Natural) return U64 with - Pre => - Size <= U64'Size - and then Fits_Into (V, Size) - and then Amount <= Size - and then Size - Amount < U64'Size, - Post => Fits_Into (Right_Shift'Result, Size - Amount); - - -- Wrapper of Shift_Left that expresses the operation in terms of - -- Fits_Into/Fits_Into_Upper. - function Left_Shift (V : U64; Amount : Natural; Size : Natural) return U64 with - Pre => - Size < U64'Size - and then Amount < U64'Size - and then Fits_Into (V, Size) - and then Size + Amount < U64'Size, - Post => Fits_Into_Upper (Left_Shift'Result, Size + Amount, Amount); - - -- V is assumed to have Bits bits of data. Set the lower bits of V to zero. - function Mask_Lower (V : U64; Mask, Bits : Natural) return U64 - with Pre => Bits <= U64'Size and then Fits_Into (V, Bits) and then Mask <= Bits and then Mask >= 1, - Post => Fits_Into_Upper (Mask_Lower'Result, Bits, Mask); - - -- Set the upper bits of V to zero. - function Mask_Upper (V : U64; Mask : Natural) return U64 - with Pre => Mask < U64'Size, - Post => Fits_Into (Mask_Upper'Result, Mask); - - -- Add A and B in the special case where A only uses the upper bits and B - -- only the lower bits. - function Add (A : U64; B : U64; Total_Bits, Lower_Bits : Natural) return U64 - with Pre => - Total_Bits <= U64'Size - and then Lower_Bits <= Total_Bits - and then (if Total_Bits = U64'Size then Lower_Bits /= U64'Size) - and then Fits_Into_Upper (A, Total_Bits, Lower_Bits) - and then Fits_Into (B, Lower_Bits), - Post => Add'Result = A + B and Fits_Into (Add'Result, Total_Bits), - Global => null; - - procedure Lemma_Size (Val : Base_Integer; Size : Positive) - with Ghost, - Pre => Size in 1 .. 63 and then Fits_Into (Val, Size), - Post => Fits_Into (U64 (Val), Size); - -end RFLX.RFLX_Arithmetic; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types-conversions.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types-conversions.ads deleted file mode 100644 index 8b2bc5688..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types-conversions.ads +++ /dev/null @@ -1,65 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -with RFLX.RFLX_Arithmetic; - -package RFLX.RFLX_Builtin_Types.Conversions with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - pragma Annotate (GNATprove, Always_Return, Conversions); - - function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.U64) return Boolean is - (case Val is - when 0 | 1 => - True, - when others => - False); - - function To_U64 (Enum : Boolean) return RFLX.RFLX_Arithmetic.U64 is - (case Enum is - when False => - 0, - when True => - 1); - - function To_Actual (Val : RFLX.RFLX_Arithmetic.U64) return Boolean is - (case Val is - when 0 => - False, - when 1 => - True, - when others => - False) - with - Pre => - Valid_Boolean (Val); - - function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.Base_Integer) return Boolean is - (case Val is - when 0 | 1 => - True, - when others => - False); - - function To_Base_Integer (Enum : Boolean) return RFLX.RFLX_Arithmetic.Base_Integer is - (case Enum is - when False => - 0, - when True => - 1); - - function To_Actual (Val : RFLX.RFLX_Arithmetic.Base_Integer) return Boolean is - (case Val is - when 0 => - False, - when 1 => - True, - when others => - False) - with - Pre => - Valid_Boolean (Val); - -end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types.ads deleted file mode 100644 index 7a7dfd208..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types.ads +++ /dev/null @@ -1,23 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -package RFLX.RFLX_Builtin_Types with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - type Length is new Natural; - - type Index is new Length range 1 .. Length'Last; - - type Byte is mod 2**8; - - type Bytes is array (Index range <>) of Byte; - - type Bytes_Ptr is access Bytes; - - type Bit_Length is range 0 .. Length'Last * 8; - - type Boolean_Base is mod 2; - -end RFLX.RFLX_Builtin_Types; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.adb deleted file mode 100644 index b4e4b6e40..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.adb +++ /dev/null @@ -1,402 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -with RFLX.RFLX_Arithmetic; - -package body RFLX.RFLX_Generic_Types.Generic_Operations with - SPARK_Mode -is - - -- - -- Terminology - -- - -- -----XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX---- Data - -- - -- |-------|-------|-------|-------|-------| Value Bytes - -- 3 LMB 11 19 27 35 RMB 43 - -- - -- |----| |----| - -- LME_Offset RME_Offset - -- - -- |--| |--| - -- LME_Size RME_Size - -- - -- |-------|-------|-------|-------|-------|-------| Data Bytes - -- 0 8 16 24 32 40 - -- LME RME - -- - -- LME: Leftmost Element of Data - -- RME: Rightmost Element of Data - -- - -- LSB: Leftmost Byte of Value - -- RMB: Rightmost Byte of Value - -- - -- LME_Offset: Bits the LME is shifted right relative to first of LME - -- RME_Offset: Bits the RME is shifted left relative to last of RME - -- - -- LME_Size: Number of bits of LME contained in LMB - -- RME_Size: Number of bits of RME contained in RMB - -- - -- LME_Index: Index pointing to LME - -- RME_Index: Index pointing to RME - -- - - use RFLX.RFLX_Arithmetic; - - procedure Get_Index_Offset - (First, Last : Long_Integer; - Off : Offset; - Value_Size : Positive; - RME_Index : out Index; - LME_Index : out Index; - RME_Size : out Natural; - LME_Size : out Natural) - with - Pre => - (Value_Size in 1 .. U64'Size - and then Last >= Long_Integer (Index'First) and then Last <= Long_Integer (Index'Last) - and then First >= Long_Integer (Index'First) and then First <= Long_Integer (Index'Last) - and then Long_Integer ((Natural (Off) + Value_Size - 1) / Byte'Size) < Long_Integer (Last - First + 1)), - Post => - (RME_Index = Index (Last - Long_Integer (Off) / Byte'Size) - and then LME_Index = Index (Last - (Long_Integer (Off) + Long_Integer (Value_Size) - 1) / Byte'Size) - and then RME_Size = Byte'Size - Natural (Off) - and then LME_Size = (Natural (Off) + Value_Size + Byte'Size - 1) mod Byte'Size + 1) - is - begin - RME_Index := Index (Last - Long_Integer (Off) / Byte'Size); - LME_Index := Index (Last - (Long_Integer (Off) + Long_Integer (Value_Size) - 1) / Byte'Size); - RME_Size := Byte'Size - Natural (Off); - LME_Size := (Natural (Off) + Value_Size + Byte'Size - 1) mod Byte'Size + 1; - end Get_Index_Offset; - - function U64_Extract - (Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Value_Size : Positive) return U64 - with - Pre => - (Buffer /= null - and then First >= Buffer'First - and then Last <= Buffer'Last - and then Value_Size in 1 .. U64'Size - and then Long_Integer ((Natural (Off) + Value_Size - 1) / Byte'Size) < Buffer.all (First .. Last)'Length), - Post => - (if Value_Size < U64'Size then U64_Extract'Result < 2**Value_Size) - is - Data : constant Bytes := Buffer.all (First .. Last); - - RME_Index : Index; - LME_Index : Index; - - RME_Offset : constant Natural := Natural (Off); - RME_Size : Natural; - - LME_Size : Natural; - LME_Offset : Natural; - Result : U64 := 0; - - begin - -- This function simply iterates over all data bytes that contain - -- relevant data, from most significant to least significant, and adds - -- them up in Result, shifting the Result before the addition as needed - -- (see helper function Shift_Add). - - -- We track the number of bits that are contained in Result to bound the - -- current value of Result by 2 ** (number of bits). At the end of the - -- function, the number of bits should be Value_Size. - - -- We start with the most significant byte. In network-byte order this - -- is the rightmost byte. We need to take into account the case where - -- this is the only byte. - - Get_Index_Offset (Long_Integer (Data'First), Long_Integer (Data'Last), Off, Value_Size, RME_Index, LME_Index, RME_Size, LME_Size); - LME_Offset := Byte'Size - LME_Size; - - declare - Tmp : U64 := Mask_Upper (Byte'Pos (Data (LME_Index)), LME_Size); - begin - if RME_Index = LME_Index then - Tmp := Right_Shift (Tmp, RME_Offset, LME_Size); - end if; - Result := Result + Tmp; - end; - - -- If it was the only byte, we are done. - - if RME_Index = LME_Index then - pragma Assert (Result < 2 ** (LME_Size - RME_Offset)); - return Result; - end if; - - pragma Assert (Fits_Into (Result, LME_Size)); - - -- We now iterate over the "inner bytes" excluding the two extreme bytes. - for I in LME_Index + 1 .. RME_Index - 1 loop - Result := - Shift_Add - (Result, - Byte'Pos (Data (I)), - Byte'Size, - Natural (I - LME_Index) * Byte'Size - LME_Offset); - pragma Loop_Invariant - (Fits_Into (Result, Natural (I - LME_Index + 1) * Byte'Size - LME_Offset)); - end loop; - - -- We now add the relevant bits from the last byte. - pragma Assert (RME_Size in 1 .. U64'Size); - pragma Assert (if LME_Index + 1 <= RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - LME_Offset)); - pragma Assert (if LME_Index + 1 > RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - LME_Offset)); - pragma Assert (Value_Size - RME_Size = Natural (RME_Index - LME_Index) * Byte'Size - LME_Offset); - pragma Assert (Fits_Into (Result, Value_Size - RME_Size)); - declare - Bits_To_Read : constant U64 := - Right_Shift (Byte'Pos (Data (RME_Index)), RME_Offset, Byte'Size); - begin - Result := Shift_Add (Result, Bits_To_Read, RME_Size, Value_Size - RME_Size); - end; - return Result; - end U64_Extract; - - function U64_Extract_LE - (Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Value_Size : Positive) return U64 - with - Pre => - (Buffer /= null - and then First >= Buffer'First - and then Last <= Buffer'Last - and then Value_Size in 1 .. U64'Size - and then Long_Integer ((Natural (Off) + Value_Size - 1) / Byte'Size) < Buffer.all (First .. Last)'Length), - Post => - (if Value_Size < U64'Size then U64_Extract_LE'Result < 2**Value_Size) - is - Data : constant Bytes := Buffer.all (First .. Last); - - RME_Index : Index; - LME_Index : Index; - - RME_Offset : constant Natural := Natural (Off); - RME_Size : Natural; - - LME_Size : Natural; - Result : U64 := 0; - - begin - -- This function is identical in structure to the U64_Extract function. - -- See the comments there for more details. However, in little endian we - -- traverse the relevant bytes in the opposite order. - - Get_Index_Offset (Long_Integer (Data'First), Long_Integer (Data'Last), Off, Value_Size, RME_Index, LME_Index, RME_Size, LME_Size); - - declare - Tmp : U64 := Byte'Pos (Data (RME_Index)); - begin - if RME_Index = LME_Index then - Tmp := Mask_Upper (Tmp, LME_Size); - end if; - Tmp := - Right_Shift - (Tmp, - RME_Offset, - (if RME_Index = LME_Index then LME_Size else Byte'Size)); - Result := Result + Tmp; - end; - - if RME_Index = LME_Index then - pragma Assert (Fits_Into (Result, Value_Size)); - return Result; - end if; - - pragma Assert (Fits_Into (Result, RME_Size)); - - for I in reverse LME_Index + 1 .. RME_Index - 1 loop - Result := - Shift_Add - (Result, - Byte'Pos (Data (I)), - Byte'Size, - Natural (RME_Index - I) * Byte'Size - RME_Offset); - pragma Loop_Invariant - (Fits_Into (Result, Natural (RME_Index - I + 1) * Byte'Size - RME_Offset)); - end loop; - - pragma Assert (LME_Size < U64'Size); - pragma Assert (if LME_Index + 1 <= RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - RME_Offset)); - pragma Assert (if LME_Index + 1 > RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - RME_Offset)); - pragma Assert (Value_Size - LME_Size = Natural (RME_Index - LME_Index) * Byte'Size - RME_Offset); - pragma Assert (Fits_Into (Result, Value_Size - LME_Size)); - Result := - Shift_Add (Result, - Mask_Upper (Byte'Pos (Data (LME_Index)), LME_Size), - LME_Size, - Value_Size - LME_Size); - pragma Assert (Fits_Into (Result, Value_Size)); - return Result; - end U64_Extract_LE; - - procedure U64_Insert - (Val : U64; - Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Value_Size : Positive; - BO : Byte_Order) - with - Pre => - Buffer /= null - and then First >= Buffer'First - and then Last <= Buffer'Last - and then Value_Size <= U64'Size - and then (if Value_Size < U64'Size then Val < 2**Value_Size) - and then Long_Integer (Natural (Off) + Value_Size - 1) / Byte'Size < Buffer.all (First .. Last)'Length, - Post => - Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last - is - RME_Index : Index; - LME_Index : Index; - - RME_Offset : constant Natural := Natural (Off); - RME_Size : Natural; - - LME_Size : Natural; - - RV : U64; - begin - Get_Index_Offset (Long_Integer (First), Long_Integer (Last), Off, Value_Size, RME_Index, LME_Index, RME_Size, LME_Size); - - if RME_Index = LME_Index then - declare - D : constant U64 := Byte'Pos (Buffer.all (RME_Index)); - pragma Assert (Fits_Into (D, Byte'Size)); - L_Bits : constant U64 := Mask_Lower (D, RME_Offset + Value_Size, Byte'Size); - R_Bits : constant U64 := Mask_Upper (D, RME_Offset); - Bits_To_Add : constant U64 := Left_Shift (Val, RME_Offset, Value_Size); - Result : constant U64 := - Add (L_Bits, Add (Bits_To_Add, R_Bits, RME_Offset + Value_Size, RME_Offset), Byte'Size, RME_Offset + Value_Size); - begin - Buffer.all (RME_Index) := Byte'Val (Result); - end; - - else - case BO is - when Low_Order_First => - declare - L_Bits : constant U64 := Mask_Lower (Byte'Pos (Buffer.all (LME_Index)), LME_Size, Byte'Size); - V_Bits : constant U64 := Mask_Upper (Val, LME_Size); - begin - Buffer.all (LME_Index) := Byte'Val (Add (L_Bits, V_Bits, Byte'Size, LME_Size)); - end; - RV := Right_Shift (Val, LME_Size, Value_Size); - pragma Assert (Fits_Into (RV, Value_Size - LME_Size)); - - for I in LME_Index + 1 .. RME_Index - 1 - loop - Buffer.all (I) := Byte'Val (RV mod 2**Byte'Size); - RV := Right_Shift (RV, Byte'Size, Value_Size - LME_Size - Natural (I - LME_Index - 1) * Byte'Size); - pragma Loop_Invariant (Fits_Into (RV, Value_Size - LME_Size - Natural (I - LME_Index) * Byte'Size)); - end loop; - - pragma Assert (RME_Size = Value_Size - LME_Size - Natural (RME_Index - LME_Index - 1) * Byte'Size); - pragma Assert (Fits_Into (RV, RME_Size)); - declare - U_Value : constant U64 := Mask_Upper (Byte'Pos (Buffer.all (RME_Index)), RME_Offset); - R_Value : constant U64 := Left_Shift (RV, RME_Offset, RME_Size); - begin - Buffer.all (RME_Index) := Byte'Val (Add (R_Value, U_Value, Byte'Size, RME_Offset)); - end; - when High_Order_First => - pragma Assert (LME_Size = Value_Size - RME_Size - Natural (RME_Index - LME_Index - 1) * Byte'Size); - declare - L_Bits : constant U64 := Mask_Upper (Byte'Pos (Buffer.all (RME_Index)), RME_Offset); - V_Bits : constant U64 := Mask_Upper (Val, RME_Size); - V_Value : constant U64 := Left_Shift (V_Bits, RME_Offset, RME_Size); - begin - Buffer.all (RME_Index) := Byte'Val (L_Bits + V_Value); - RV := Right_Shift (Val, RME_Size, Value_Size); - end; - - pragma Assert (RME_Size < Value_Size); - pragma Assert (Fits_Into (RV, Value_Size - RME_Size)); - - for I in reverse LME_Index + 1 .. RME_Index - 1 - loop - Buffer.all (I) := Byte'Val (RV mod 2**Byte'Size); - RV := Right_Shift (RV, Byte'Size, Value_Size - RME_Size - Natural (RME_Index - I - 1) * Byte'Size); - pragma Loop_Invariant (Fits_Into (RV, Value_Size - RME_Size - Natural (RME_Index - I) * Byte'Size)); - end loop; - - pragma Assert (LME_Size = Value_Size - RME_Size - Natural (RME_Index - LME_Index - 1) * Byte'Size); - pragma Assert (Fits_Into (RV, LME_Size)); - declare - U_Value : constant U64 := Mask_Lower (Byte'Pos (Buffer.all (LME_Index)), LME_Size, Byte'Size); - Sum : U64; - begin - Sum := Add (U_Value, RV, Byte'Size, LME_Size); - Buffer.all (LME_Index) := Byte'Val (Sum); - end; - end case; - end if; - end U64_Insert; - - function Extract - (Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) return U64 - is - begin - if BO = High_Order_First then - return U64_Extract (Buffer, First, Last, Off, Size); - else - return U64_Extract_LE (Buffer, First, Last, Off, Size); - end if; - end Extract; - - function Extract - (Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) return Base_Integer - is - begin - return Base_Integer (U64'(Extract (Buffer, First, Last, Off, Size, BO))); - end Extract; - - procedure Insert - (Val : U64; - Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) - is - begin - U64_Insert (Val, Buffer, First, Last, Off, Size, BO); - end Insert; - - procedure Insert - (Val : Base_Integer; - Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) - is - begin - Lemma_Size (Val, Size); - Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); - end Insert; - -end RFLX.RFLX_Generic_Types.Generic_Operations; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.ads deleted file mode 100644 index ec7b3fc8f..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.ads +++ /dev/null @@ -1,100 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -with RFLX.RFLX_Generic_Types.Generic_Operators; - -generic - with package Operators is new RFLX.RFLX_Generic_Types.Generic_Operators (<>); -package RFLX.RFLX_Generic_Types.Generic_Operations with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - use Operators; - - use type U64; - - function Extract - (Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) return U64 - with - Pre => - (Buffer /= null - and then First >= Buffer'First - and then Last <= Buffer'Last - and then Size in 1 .. U64'Size - and then First <= Last - and then Last - First <= Index'Last - 1 - and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) - and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), - Post => - (if Size < U64'Size then Extract'Result < 2**Size); - - function Extract - (Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) return Base_Integer - with - Pre => - (Buffer /= null - and then First >= Buffer'First - and then Last <= Buffer'Last - and then Size in 1 .. 63 - and then First <= Last - and then Last - First <= Index'Last - 1 - and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) - and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size - and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), - Post => - (U64 (Extract'Result) < 2**Size); - - procedure Insert - (Val : U64; - Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) - with - Pre => - (Buffer /= null - and then First >= Buffer'First - and then Last <= Buffer'Last - and then Size in 1 .. U64'Size - and then Fits_Into (Val, Size) - and then First <= Last - and then Last - First <= Index'Last - 1 - and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), - Post => - (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); - - procedure Insert - (Val : Base_Integer; - Buffer : Bytes_Ptr; - First : Index; - Last : Index; - Off : Offset; - Size : Positive; - BO : Byte_Order) - with - Pre => - (Buffer /= null - and then First >= Buffer'First - and then Last <= Buffer'Last - and then Size in 1 .. 63 - and then Fits_Into (Val, Size) - and then First <= Last - and then Last - First <= Index'Last - 1 - and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), - Post => - (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); - -end RFLX.RFLX_Generic_Types.Generic_Operations; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operators.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operators.ads deleted file mode 100644 index 4898e4048..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operators.ads +++ /dev/null @@ -1,29 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -generic -package RFLX.RFLX_Generic_Types.Generic_Operators with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - function "+" (Left : Index; Right : Length) return Index is - (Index (Length (Left) + Right)) - with - Pre => - Length (Left) <= Length'Last - Right; - - function "-" (Left : Index; Right : Index) return Length is - (Length (Left) - Length (Right)) - with - Pre => - Length (Left) >= Length'First + Length (Right); - - function "-" (Left : Index; Right : Length) return Index is - (Index (Length (Left) - Right)) - with - Pre => - Right < Length'Last - and then Length (Left) >= Length (Index'First) + Right; - -end RFLX.RFLX_Generic_Types.Generic_Operators; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types.ads deleted file mode 100644 index 088b766af..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types.ads +++ /dev/null @@ -1,97 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -with Ada.Unchecked_Deallocation; -with RFLX.RFLX_Arithmetic; - -generic - type Custom_Index is range <>; - type Custom_Byte is (<>); - type Custom_Bytes is array (Custom_Index range <>) of Custom_Byte; - type Custom_Bytes_Ptr is access Custom_Bytes; - type Custom_Length is range <>; - type Custom_Bit_Length is range <>; -package RFLX.RFLX_Generic_Types with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - subtype Index is Custom_Index; - - subtype Byte is Custom_Byte; - - subtype Bytes is Custom_Bytes; - - subtype Bytes_Ptr is Custom_Bytes_Ptr; - - subtype Length is Custom_Length; - - subtype Bit_Length is Custom_Bit_Length; - - function "+" (Left : Index; Right : Index) return Index is abstract; - - function "-" (Left : Index; Right : Index) return Index is abstract; - - pragma Compile_Time_Error (Index'First /= 1, "Index'First must be 1"); - - pragma Compile_Time_Error (Byte'Size /= 8, "Byte must be of size 8"); - - pragma Compile_Time_Error (Byte'Pos (Byte'Last) - Byte'Pos (Byte'First) + 1 /= 2**Byte'Size, - "Byte must cover entire value range"); - - pragma Compile_Time_Error (Length'First /= 0, "Length'First must be 0"); - - pragma Compile_Time_Error (Length'Pos (Length'Last) /= Index'Pos (Index'Last), - "Length'Last must be equal to Index'Last"); - - pragma Compile_Time_Error (Bit_Length'First /= 0, "Bit_Length'First must be 0"); - - pragma Compile_Time_Error (Bit_Length'Pos (Bit_Length'Last) /= Length'Pos (Length'Last) * 8, - "Bit_Length'Last must be equal to Length'Last * 8"); - - subtype U64 is RFLX.RFLX_Arithmetic.U64; - - subtype Base_Integer is RFLX.RFLX_Arithmetic.Base_Integer; - - subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; - - function To_Index (Bit_Idx : Bit_Length) return Index is - (Index (Length ((Bit_Idx - 1) / 8) + 1)); - - function To_Length (Bit_Len : Bit_Length) return Length is - (Length ((Bit_Len + 7) / 8)); - - function To_Bit_Length (Len : Length) return Bit_Length is - (Bit_Length (Len) * 8); - - function To_First_Bit_Index (Idx : Index) return Bit_Index is - ((Bit_Length (Idx) - 1) * 8 + 1); - - function To_Last_Bit_Index (Idx : Index) return Bit_Index is - ((Bit_Length (Idx) - 1) * 8 + 8); - - function To_Last_Bit_Index (Idx : Length) return Bit_Length is - ((Bit_Length (Idx) - 1) * 8 + 8); - - function Fits_Into (V : U64; Bits : Natural) return Boolean renames RFLX_Arithmetic.Fits_Into; - function Fits_Into (V : Base_Integer; Bits : Natural) return Boolean renames RFLX_Arithmetic.Fits_Into; - - type Offset is mod 8; - - type Byte_Order is (High_Order_First, Low_Order_First); - - pragma Warnings (Off, "precondition is always False"); - - function Unreachable return Boolean is (False) with Pre => False; - - function Unreachable return Bit_Length is (0) with Pre => False; - - function Unreachable return Length is (0) with Pre => False; - - pragma Warnings (On, "precondition is always False"); - - procedure Lemma_Size (Val : Base_Integer; Size : Positive) renames RFLX.RFLX_Arithmetic.Lemma_Size; - - procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); - -end RFLX.RFLX_Generic_Types; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.adb deleted file mode 100644 index 4007c4810..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.adb +++ /dev/null @@ -1,83 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); - -package body RFLX.RFLX_Message_Sequence with - SPARK_Mode -is - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) is - begin - Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last)); - end Initialize; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) - is - Buffer_First : constant RFLX_Types.Index := Buffer'First; - Buffer_Last : constant RFLX_Types.Index := Buffer'Last; - begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid); - Buffer := null; - end Initialize; - - procedure Reset (Ctx : in out Context) is - begin - Ctx.Sequence_Last := Ctx.First - 1; - Ctx.State := S_Valid; - end Reset; - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is - begin - Buffer := Ctx.Buffer; - Ctx.Buffer := null; - end Take_Buffer; - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is - begin - if Buffer'Length > 0 then - Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); - else - Buffer := Ctx.Buffer.all (RFLX_Types.Index'Last .. RFLX_Types.Index'First); - end if; - end Copy; - - procedure Append_Element (Ctx : in out Context; Element_Ctx : Element_Context) is - begin - Element_Copy (Element_Ctx, Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.Sequence_Last + 1) .. RFLX_Types.To_Index (Ctx.Sequence_Last + Element_Size (Element_Ctx)))); - Ctx.Sequence_Last := Ctx.Sequence_Last + Element_Size (Element_Ctx); - end Append_Element; - - procedure Switch (Ctx : in out Context; Element_Ctx : out Element_Context) is - Buffer : RFLX_Types.Bytes_Ptr := Ctx.Buffer; - begin - Ctx.Buffer := null; - pragma Warnings (Off, "unused assignment to ""Buffer"""); - Element_Initialize (Element_Ctx, Buffer, Ctx.Sequence_Last + 1, Ctx.Last, Ctx.Last); - pragma Warnings (On, "unused assignment to ""Buffer"""); - end Switch; - - procedure Update (Ctx : in out Context; Element_Ctx : in out Element_Context) is - Buffer : RFLX_Types.Bytes_Ptr; - Valid_Message : constant Boolean := Element_Valid_Message (Element_Ctx); - Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; - begin - if Valid_Message then - Last := Element_Last (Element_Ctx); - end if; - Element_Take_Buffer (Element_Ctx, Buffer); - Ctx.Buffer := Buffer; - if Valid_Message then - Ctx.Sequence_Last := Last; - else - Ctx.State := S_Invalid; - end if; - end Update; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is - begin - if Data'Length > 0 then - Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); - else - Data := Ctx.Buffer.all (1 .. 0); - end if; - end Data; - -end RFLX.RFLX_Message_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.ads deleted file mode 100644 index ab8d10362..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.ads +++ /dev/null @@ -1,259 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -with RFLX.RFLX_Types; - -generic - type Element_Context (Buffer_First, Buffer_Last : RFLX_Types.Index; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) is private; - with procedure Element_Initialize (Ctx : out Element_Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0); - with procedure Element_Take_Buffer (Ctx : in out Element_Context; Buffer : out RFLX_Types.Bytes_Ptr); - with procedure Element_Copy (Ctx : Element_Context; Buffer : out RFLX_Types.Bytes); - with function Element_Has_Buffer (Ctx : Element_Context) return Boolean; - with function Element_Size (Ctx : Element_Context) return RFLX_Types.Bit_Length; - with function Element_Last (Ctx : Element_Context) return RFLX_Types.Bit_Index; - with function Element_Initialized (Ctx : Element_Context) return Boolean; - with function Element_Valid_Message (Ctx : Element_Context) return Boolean; -package RFLX.RFLX_Message_Sequence with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - pragma Annotate (GNATprove, Always_Return, RFLX_Message_Sequence); - - pragma Unevaluated_Use_Of_Old (Allow); - - pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); - - use type RFLX_Types.Bytes_Ptr, RFLX_Types.Index, RFLX_Types.Length, RFLX_Types.Bit_Index; - - pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with - Default_Initial_Condition => - RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last <= RFLX_Types.Bit_Length'Last - 1 - and First mod RFLX_Types.Byte'Size = 1 - and Last mod RFLX_Types.Byte'Size = 0; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) with - Pre => - (not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last), - Post => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Buffer = null - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) - and Sequence_Last (Ctx) = Ctx.First - 1), - Depends => - (Ctx => Buffer, Buffer => null); - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with - Pre => - (not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last - and then RFLX_Types.To_Index (First) >= Buffer'First - and then RFLX_Types.To_Index (Last) <= Buffer'Last - and then First <= Last + 1 - and then Last <= RFLX_Types.Bit_Length'Last - 1 - and then First mod RFLX_Types.Byte'Size = 1 - and then Last mod RFLX_Types.Byte'Size = 0), - Post => - (Buffer = null - and Has_Buffer (Ctx) - and Valid (Ctx) - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = First - and Ctx.Last = Last - and Sequence_Last (Ctx) = First - 1), - Depends => - (Ctx => (Buffer, First, Last), Buffer => null); - - procedure Reset (Ctx : in out Context) with - Pre => - Has_Buffer (Ctx), - Post => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Sequence_Last (Ctx) = Ctx.First - 1); - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with - Pre => - Has_Buffer (Ctx), - Post => - (not Has_Buffer (Ctx) - and Buffer /= null - and Buffer'First = Ctx.Buffer_First - and Buffer'Last = Ctx.Buffer_Last - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Valid (Ctx) = Valid (Ctx)'Old - and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old), - Depends => - (Ctx => Ctx, Buffer => Ctx); - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with - Pre => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Byte_Size (Ctx) = Buffer'Length); - - function Has_Element (Ctx : Context) return Boolean; - - procedure Append_Element (Ctx : in out Context; Element_Ctx : Element_Context) with - Pre => - (Has_Buffer (Ctx) - and then Valid (Ctx) - and then Element_Has_Buffer (Element_Ctx) - and then Element_Valid_Message (Element_Ctx) - and then Element_Size (Element_Ctx) > 0 - and then Available_Space (Ctx) >= Element_Size (Element_Ctx)), - Post => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old + Element_Size (Element_Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old); - - procedure Switch (Ctx : in out Context; Element_Ctx : out Element_Context) with - Pre => - (not Element_Ctx'Constrained - and then Has_Buffer (Ctx) - and then Has_Element (Ctx) - and then Valid (Ctx)), - Post => - (not Has_Buffer (Ctx) - and Has_Element (Ctx) - and Valid (Ctx) - and Element_Has_Buffer (Element_Ctx) - and Ctx.Buffer_First = Element_Ctx.Buffer_First - and Ctx.Buffer_Last = Element_Ctx.Buffer_Last - and Ctx.First <= Element_Ctx.First - and Ctx.Last >= Element_Ctx.Last - and Element_Ctx.First = Sequence_Last (Ctx) + 1 - and Element_Ctx.Last = Ctx.Last - and Element_Initialized (Element_Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old), - Depends => - (Ctx => Ctx, Element_Ctx => Ctx); - - procedure Update (Ctx : in out Context; Element_Ctx : in out Element_Context) with - Pre => - (not Has_Buffer (Ctx) - and then Element_Has_Buffer (Element_Ctx) - and then Has_Element (Ctx) - and then Valid (Ctx) - and then Ctx.Buffer_First = Element_Ctx.Buffer_First - and then Ctx.Buffer_Last = Element_Ctx.Buffer_Last - and then Ctx.First <= Element_Ctx.First - and then Ctx.Last >= Element_Ctx.Last), - Post => - (Has_Buffer (Ctx) - and not Element_Has_Buffer (Element_Ctx) - and (if Element_Valid_Message (Element_Ctx)'Old then Valid (Ctx)) - and Sequence_Last (Ctx) = RFLX_Types.Bit_Length'(if Element_Valid_Message (Element_Ctx) then Element_Last (Element_Ctx) else Sequence_Last (Ctx))'Old - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old), - Contract_Cases => - (Element_Valid_Message (Element_Ctx) => - (Sequence_Last (Ctx) = Element_Last (Element_Ctx)'Old), - others => - True), - Depends => - (Ctx => (Ctx, Element_Ctx), Element_Ctx => Element_Ctx); - - function Valid (Ctx : Context) return Boolean; - - function Has_Buffer (Ctx : Context) return Boolean; - - function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length; - - function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length; - - function Size (Ctx : Context) return RFLX_Types.Bit_Length; - - function Byte_Size (Ctx : Context) return RFLX_Types.Length; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - (Has_Buffer (Ctx) - and then Valid (Ctx) - and then Data'Length = Byte_Size (Ctx)); - -private - - pragma Warnings (Off, "use clause for package * has no effect"); - - use RFLX.RFLX_Types; - - pragma Warnings (On, "use clause for package * has no effect"); - - type Context_State is (S_Valid, S_Invalid); - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is - record - Sequence_Last : RFLX_Types.Bit_Length := First - 1; - Buffer : RFLX_Types.Bytes_Ptr := null; - State : Context_State := S_Valid; - end record with - Dynamic_Predicate => - ((if Buffer /= null then - (Buffer'First = Buffer_First - and Buffer'Last = Buffer_Last)) - and RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last <= RFLX_Types.Bit_Length'Last - 1 - and First - 1 <= Sequence_Last - and Sequence_Last <= Last - and First mod RFLX_Types.Byte'Size = 1 - and Last mod RFLX_Types.Byte'Size = 0 - and Sequence_Last mod RFLX_Types.Byte'Size = 0); - - function Has_Element (Ctx : Context) return Boolean is - (Ctx.State = S_Valid and Ctx.Sequence_Last < Ctx.Last); - - function Valid (Ctx : Context) return Boolean is - (Ctx.State = S_Valid); - - function Has_Buffer (Ctx : Context) return Boolean is - (Ctx.Buffer /= null); - - function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Last - Ctx.Sequence_Last); - - function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Sequence_Last); - - function Size (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Sequence_Last - Ctx.First + 1); - - function Byte_Size (Ctx : Context) return RFLX_Types.Length is - (RFLX_Types.To_Length (Size (Ctx))); - -end RFLX.RFLX_Message_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.adb deleted file mode 100644 index 5bda20c30..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.adb +++ /dev/null @@ -1,96 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -with RFLX.RFLX_Types.Operations; - -package body RFLX.RFLX_Scalar_Sequence with - SPARK_Mode -is - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) is - begin - Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last)); - end Initialize; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) - is - Buffer_First : constant RFLX_Types.Index := Buffer'First; - Buffer_Last : constant RFLX_Types.Index := Buffer'Last; - begin - Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.Base_Integer'First, Next_Element => RFLX.RFLX_Types.Base_Integer'First); - Buffer := null; - end Initialize; - - procedure Reset (Ctx : in out Context) is - begin - Ctx.Sequence_Last := Ctx.First - 1; - Ctx.State := S_Valid; - end Reset; - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is - begin - Buffer := Ctx.Buffer; - Ctx.Buffer := null; - end Take_Buffer; - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is - begin - if Buffer'Length > 0 then - Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); - else - Buffer := Ctx.Buffer.all (RFLX_Types.Index'Last .. RFLX_Types.Index'First); - end if; - end Copy; - - procedure Next (Ctx : in out Context) is - Last_Bit : constant RFLX_Types.Bit_Index := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); - Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Sequence_Last + 1); - Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Last_Bit); - Offset : constant RFLX_Types.Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); - begin - if Buffer_First >= Ctx.Buffer'First and Buffer_Last <= Ctx.Buffer'Last and Buffer_First <= Buffer_Last then - Ctx.Next_Element := RFLX.RFLX_Types.Operations.Extract (Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Element_Size, RFLX_Types.High_Order_First); - if Valid_Element (Ctx) then - if Size (Ctx) = 0 then - Ctx.First_Element := Ctx.Next_Element; - end if; - else - Ctx.State := S_Invalid; - end if; - end if; - Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); - end Next; - - function Get_Element (Ctx : Context) return Element_Type is - (To_Actual (Ctx.Next_Element)); - - function Head (Ctx : Context) return Element_Type is - (To_Actual (Ctx.First_Element)); - - procedure Append_Element (Ctx : in out Context; Value : Element_Type) is - Last_Bit : RFLX_Types.Bit_Index; - First : RFLX_Types.Index; - Last : RFLX_Types.Index; - Offset : RFLX_Types.Offset; - begin - Last_Bit := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); - First := RFLX_Types.To_Index (Ctx.Sequence_Last + 1); - Last := RFLX_Types.To_Index (Last_Bit); - Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); - if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then - RFLX.RFLX_Types.Operations.Insert (To_Base_Int (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); - end if; - if Size (Ctx) = 0 then - Ctx.First_Element := To_Base_Int (Value); - end if; - Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); - end Append_Element; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is - begin - if Data'Length > 0 then - Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); - else - Data := Ctx.Buffer.all (1 .. 0); - end if; - end Data; - -end RFLX.RFLX_Scalar_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.ads deleted file mode 100644 index 749c6a08c..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.ads +++ /dev/null @@ -1,232 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -with RFLX.RFLX_Types; - -generic - type Element_Type is private; - Element_Size : Positive; - with function Valid (Element : RFLX.RFLX_Types.Base_Integer) return Boolean; - with function To_Actual (Element : RFLX.RFLX_Types.Base_Integer) return Element_Type; - with function To_Base_Int (Element : Element_Type) return RFLX.RFLX_Types.Base_Integer; -package RFLX.RFLX_Scalar_Sequence with - SPARK_Mode, - Annotate => - (GNATprove, Always_Return) -is - - pragma Annotate (GNATprove, Always_Return, RFLX_Scalar_Sequence); - - use type RFLX_Types.Bytes_Ptr; - - use type RFLX_Types.Index; - - pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); - - use type RFLX_Types.Length; - - pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); - - use type RFLX_Types.Bit_Index; - - use type RFLX_Types.Base_Integer; - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with - Default_Initial_Condition => - RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last <= RFLX_Types.Bit_Length'Last - 1 - and First mod RFLX_Types.Byte'Size = 1; - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) with - Pre => - (not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last), - Post => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Buffer = null - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) - and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) - and Sequence_Last (Ctx) = Ctx.First - 1), - Depends => - (Ctx => Buffer, Buffer => null); - - procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with - Pre => - (not Ctx'Constrained - and then Buffer /= null - and then Buffer'Length > 0 - and then Buffer'Last < RFLX_Types.Index'Last - and then RFLX_Types.To_Index (First) >= Buffer'First - and then RFLX_Types.To_Index (Last) <= Buffer'Last - and then First <= Last + 1 - and then Last <= RFLX_Types.Bit_Length'Last - 1 - and then First mod RFLX_Types.Byte'Size = 1), - Post => - (Buffer = null - and Has_Buffer (Ctx) - and Valid (Ctx) - and Ctx.Buffer_First = Buffer'First'Old - and Ctx.Buffer_Last = Buffer'Last'Old - and Ctx.First = First - and Ctx.Last = Last - and Sequence_Last (Ctx) = First - 1), - Depends => - (Ctx => (Buffer, First, Last), Buffer => null); - - procedure Reset (Ctx : in out Context) with - Pre => - Has_Buffer (Ctx), - Post => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Sequence_Last (Ctx) = Ctx.First - 1); - - procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with - Pre => - Has_Buffer (Ctx), - Post => - (not Has_Buffer (Ctx) - and Buffer /= null - and Buffer'First = Ctx.Buffer_First - and Buffer'Last = Ctx.Buffer_Last - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old - and Valid (Ctx) = Valid (Ctx)'Old - and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old), - Depends => - (Ctx => Ctx, Buffer => Ctx); - - procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with - Pre => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Byte_Size (Ctx) = Buffer'Length); - - procedure Next (Ctx : in out Context) with - Pre => - (Has_Buffer (Ctx) - and then Has_Element (Ctx)), - Post => - (Has_Buffer (Ctx) - and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old + RFLX.RFLX_Types.Bit_Index (Element_Size) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old); - - function Has_Element (Ctx : Context) return Boolean; - - function Valid_Element (Ctx : Context) return Boolean; - - function Get_Element (Ctx : Context) return Element_Type with - Pre => - Valid_Element (Ctx); - - function Head (Ctx : Context) return Element_Type with - Pre => - (Valid (Ctx) - and then Sequence_Last (Ctx) >= Ctx.First + RFLX.RFLX_Types.Bit_Index (Element_Size) - 1); - - procedure Append_Element (Ctx : in out Context; Value : Element_Type) with - Pre => - (Has_Buffer (Ctx) - and then Valid (Ctx) - and then Valid (To_Base_Int (Value)) - and then (if Element_Size < 64 then To_Base_Int (Value) < 2**Element_Size) - and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), - Post => - (Has_Buffer (Ctx) - and Valid (Ctx) - and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old + RFLX.RFLX_Types.Bit_Index (Element_Size) - and Ctx.Buffer_First = Ctx.Buffer_First'Old - and Ctx.Buffer_Last = Ctx.Buffer_Last'Old - and Ctx.First = Ctx.First'Old - and Ctx.Last = Ctx.Last'Old); - - function Valid (Ctx : Context) return Boolean; - - function Has_Buffer (Ctx : Context) return Boolean; - - function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length; - - function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length; - - function Size (Ctx : Context) return RFLX_Types.Bit_Length; - - function Byte_Size (Ctx : Context) return RFLX_Types.Length; - - procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with - Pre => - (Has_Buffer (Ctx) - and then Valid (Ctx) - and then Data'Length = Byte_Size (Ctx)); - -private - - pragma Warnings (Off, "use clause for package * has no effect"); - - use RFLX.RFLX_Types; - - pragma Warnings (On, "use clause for package * has no effect"); - - type Context_State is (S_Valid, S_Invalid); - - type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is - record - Sequence_Last : RFLX_Types.Bit_Length := First - 1; - Buffer : RFLX_Types.Bytes_Ptr := null; - State : Context_State := S_Valid; - First_Element : RFLX.RFLX_Types.Base_Integer := RFLX.RFLX_Types.Base_Integer'First; - Next_Element : RFLX.RFLX_Types.Base_Integer := RFLX.RFLX_Types.Base_Integer'First; - end record with - Dynamic_Predicate => - ((if Buffer /= null then - (Buffer'First = Buffer_First - and Buffer'Last = Buffer_Last)) - and RFLX_Types.To_Index (First) >= Buffer_First - and RFLX_Types.To_Index (Last) <= Buffer_Last - and First mod RFLX_Types.Byte'Size = 1 - and Buffer_Last < RFLX_Types.Index'Last - and First <= Last + 1 - and Last <= RFLX_Types.Bit_Length'Last - 1 - and Sequence_Last >= First - 1 - and Sequence_Last <= Last - and (if Sequence_Last > First - 1 and State = S_Valid then Valid (First_Element))); - - function Has_Element (Ctx : Context) return Boolean is - (Ctx.State = S_Valid and Ctx.Last - Ctx.Sequence_Last >= RFLX.RFLX_Types.Bit_Index (Element_Size)); - - function Valid_Element (Ctx : Context) return Boolean is - (Ctx.State = S_Valid and Valid (Ctx.Next_Element)); - - function Valid (Ctx : Context) return Boolean is - (Ctx.State = S_Valid); - - function Has_Buffer (Ctx : Context) return Boolean is - (Ctx.Buffer /= null); - - function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Last - Ctx.Sequence_Last); - - function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Sequence_Last); - - function Size (Ctx : Context) return RFLX_Types.Bit_Length is - (Ctx.Sequence_Last - Ctx.First + 1); - - function Byte_Size (Ctx : Context) return RFLX_Types.Length is - (RFLX_Types.To_Length (Size (Ctx))); - -end RFLX.RFLX_Scalar_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_types-operations.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_types-operations.ads deleted file mode 100644 index cb8e8da54..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_types-operations.ads +++ /dev/null @@ -1,6 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma SPARK_Mode; -with RFLX.RFLX_Types.Operators; -with RFLX.RFLX_Generic_Types.Generic_Operations; - -package RFLX.RFLX_Types.Operations is new RFLX.RFLX_Types.Generic_Operations (RFLX.RFLX_Types.Operators); diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_types-operators.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_types-operators.ads deleted file mode 100644 index 2d6a55853..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_types-operators.ads +++ /dev/null @@ -1,5 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma SPARK_Mode; -with RFLX.RFLX_Generic_Types.Generic_Operators; - -package RFLX.RFLX_Types.Operators is new RFLX.RFLX_Types.Generic_Operators; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_types.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_types.ads deleted file mode 100644 index efc96d324..000000000 --- a/examples/apps/dccp/rflx/generated/rflx-rflx_types.ads +++ /dev/null @@ -1,6 +0,0 @@ -pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); -pragma SPARK_Mode; -with RFLX.RFLX_Generic_Types; -with RFLX.RFLX_Builtin_Types; - -package RFLX.RFLX_Types is new RFLX.RFLX_Generic_Types (RFLX_Builtin_Types.Index, RFLX_Builtin_Types.Byte, RFLX_Builtin_Types.Bytes, RFLX_Builtin_Types.Bytes_Ptr, RFLX_Builtin_Types.Length, RFLX_Builtin_Types.Bit_Length); diff --git a/examples/apps/dccp/rflx/generated/rflx.ads b/examples/apps/dccp/rflx/generated/rflx.ads deleted file mode 100644 index 06c81f940..000000000 --- a/examples/apps/dccp/rflx/generated/rflx.ads +++ /dev/null @@ -1,3 +0,0 @@ -package RFLX is - -end RFLX; \ No newline at end of file diff --git a/examples/apps/dccp/rflx/out/locations.json b/examples/apps/dccp/rflx/out/locations.json deleted file mode 100644 index 681bb7bed..000000000 --- a/examples/apps/dccp/rflx/out/locations.json +++ /dev/null @@ -1 +0,0 @@ -{"../rflx/specs/dccp.rflx": {"DCCP_Packet": {"start": {"line": 202, "column": 9}, "end": {"line": 319, "column": 18}}}} \ No newline at end of file diff --git a/examples/apps/dccp/rflx/specs/dccp.rflx b/examples/apps/dccp/specs/dccp.rflx similarity index 100% rename from examples/apps/dccp/rflx/specs/dccp.rflx rename to examples/apps/dccp/specs/dccp.rflx diff --git a/examples/apps/dccp/dccp_client/src/dccp_client.adb b/examples/apps/dccp/src/dccp_client.adb similarity index 95% rename from examples/apps/dccp/dccp_client/src/dccp_client.adb rename to examples/apps/dccp/src/dccp_client.adb index 0a09c4599..f60469ae7 100644 --- a/examples/apps/dccp/dccp_client/src/dccp_client.adb +++ b/examples/apps/dccp/src/dccp_client.adb @@ -2,7 +2,7 @@ with Socket; with Msg_Write; procedure DCCP_Client with - SPARK_Mode => On + SPARK_Mode is Channel : Socket.Channel := Socket.Initialize (1234); begin diff --git a/examples/apps/dccp/dccp_server/src/dccp_server.adb b/examples/apps/dccp/src/dccp_server.adb similarity index 97% rename from examples/apps/dccp/dccp_server/src/dccp_server.adb rename to examples/apps/dccp/src/dccp_server.adb index 973a14108..2812b5013 100644 --- a/examples/apps/dccp/dccp_server/src/dccp_server.adb +++ b/examples/apps/dccp/src/dccp_server.adb @@ -5,7 +5,8 @@ with Socket; with Msg_Read; procedure DCCP_Server with - SPARK_Mode => On, Annotate => (GNATprove, Might_Not_Return) + SPARK_Mode, + Always_Terminates => False is use RFLX; diff --git a/examples/apps/dccp/dccp_server/src/msg_read.adb b/examples/apps/dccp/src/msg_read.adb similarity index 99% rename from examples/apps/dccp/dccp_server/src/msg_read.adb rename to examples/apps/dccp/src/msg_read.adb index efdd181c1..2f79a2f81 100644 --- a/examples/apps/dccp/dccp_server/src/msg_read.adb +++ b/examples/apps/dccp/src/msg_read.adb @@ -5,7 +5,7 @@ with RFLX.DCCP.Option; with RFLX.DCCP.Options; package body Msg_Read with - SPARK_Mode => On + SPARK_Mode is use RFLX.RFLX_Builtin_Types; use type DCCP.Ext_Seq_Type; @@ -17,7 +17,7 @@ is pragma Warnings (Off, "subprogram ""Print_Data"" has no effect"); procedure Print_Data_Block (Data_Block : RFLX.RFLX_Types.Bytes) with - Annotate => (GNATprove, Always_Return); + Always_Terminates; procedure Print_Data is new DCCP.Packet.Generic_Get_Data (Print_Data_Block); @@ -125,7 +125,7 @@ is and then DCCP.Packet.Well_Formed_Message (Ctx) and then not Ctx'Constrained and then DCCP.Packet.Valid (Ctx, DCCP.Packet.F_Options), Post => RFLX.DCCP.Packet.Has_Buffer (Ctx) and then not Ctx'Constrained, - Annotate => (GNATprove, Might_Not_Return) + Always_Terminates => False is Opt_Type_Field : DCCP.Opt_Type; Options_Sequence_Context : DCCP.Options.Context; diff --git a/examples/apps/dccp/dccp_server/src/msg_read.ads b/examples/apps/dccp/src/msg_read.ads similarity index 89% rename from examples/apps/dccp/dccp_server/src/msg_read.ads rename to examples/apps/dccp/src/msg_read.ads index edc79b073..20fb0f9d1 100644 --- a/examples/apps/dccp/dccp_server/src/msg_read.ads +++ b/examples/apps/dccp/src/msg_read.ads @@ -1,7 +1,7 @@ with RFLX.DCCP.Packet; package Msg_Read with - SPARK_Mode => On + SPARK_Mode is use RFLX; use type DCCP.Type_Field; @@ -20,8 +20,8 @@ is and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_ACK, Post => RFLX.DCCP.Packet.Has_Buffer (Ctx), - Annotate => - (GNATprove, Might_Not_Return); + Always_Terminates => + False; procedure DCCP_DATA_ACK (Ctx : in out DCCP.Packet.Context) with Pre => @@ -31,16 +31,16 @@ is and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_DATA_ACK, Post => RFLX.DCCP.Packet.Has_Buffer (Ctx), - Annotate => - (GNATprove, Might_Not_Return); + Always_Terminates => + False; procedure DCCP_DATA (Ctx : DCCP.Packet.Context) with Pre => RFLX.DCCP.Packet.Has_Buffer (Ctx) and then DCCP.Packet.Well_Formed_Message (Ctx) and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_DATA, - Annotate => - (GNATprove, Might_Not_Return); + Always_Terminates => + False; procedure DCCP_CLOSE (Ctx : DCCP.Packet.Context) with Pre => @@ -56,8 +56,8 @@ is and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_RESET, Post => RFLX.DCCP.Packet.Has_Buffer (Ctx), - Annotate => - (GNATprove, Might_Not_Return); + Always_Terminates => + False; procedure DCCP_RESPONSE (Ctx : DCCP.Packet.Context) with Pre => diff --git a/examples/apps/dccp/dccp_client/src/msg_write.adb b/examples/apps/dccp/src/msg_write.adb similarity index 99% rename from examples/apps/dccp/dccp_client/src/msg_write.adb rename to examples/apps/dccp/src/msg_write.adb index b6542b6f6..e8ee329b9 100644 --- a/examples/apps/dccp/dccp_client/src/msg_write.adb +++ b/examples/apps/dccp/src/msg_write.adb @@ -6,7 +6,7 @@ with RFLX.RFLX_Types; with RFLX.RFLX_Builtin_Types; package body Msg_Write with - SPARK_Mode => On + SPARK_Mode is use RFLX; use type RFLX.RFLX_Builtin_Types.Bit_Length; @@ -362,8 +362,6 @@ is -- Finish OPTIONS AREA DCCP.Packet.Update_Options (Context, Options_Array_Context); - pragma Assert (DCCP.Packet.Well_Formed (Context, DCCP.Packet.F_Options)); - -- Set "Data" -- Lots'o bytes DCCP.Packet.Set_Data (Context, Data); diff --git a/examples/apps/dccp/dccp_client/src/msg_write.ads b/examples/apps/dccp/src/msg_write.ads similarity index 97% rename from examples/apps/dccp/dccp_client/src/msg_write.ads rename to examples/apps/dccp/src/msg_write.ads index c2e68cb6e..b68561f08 100644 --- a/examples/apps/dccp/dccp_client/src/msg_write.ads +++ b/examples/apps/dccp/src/msg_write.ads @@ -1,7 +1,7 @@ with Socket; package Msg_Write with - SPARK_Mode => On + SPARK_Mode is procedure Send_Request (Channel : Socket.Channel) with Pre => Socket.Is_Open (Channel); diff --git a/examples/apps/dccp/common/socket.adb b/examples/apps/dccp/src/socket.adb similarity index 91% rename from examples/apps/dccp/common/socket.adb rename to examples/apps/dccp/src/socket.adb index 751d29bec..924a019ff 100644 --- a/examples/apps/dccp/common/socket.adb +++ b/examples/apps/dccp/src/socket.adb @@ -71,9 +71,9 @@ is end Close; procedure Send (Chan : Channel; Data : RFLX.RFLX_Types.Bytes) is - Last : Ada.Streams.Stream_Element_Offset; - Address : GNAT.Sockets.Sock_Addr_Type; - Send_Data : Ada.Streams.Stream_Element_Array (1 .. Data'Length); + Unused_Last : Ada.Streams.Stream_Element_Offset; + Address : GNAT.Sockets.Sock_Addr_Type; + Send_Data : Ada.Streams.Stream_Element_Array (1 .. Data'Length); use type Ada.Streams.Stream_Element_Offset; begin @@ -88,7 +88,7 @@ is Address.Addr := GNAT.Sockets.Inet_Addr ("127.0.0.1"); GNAT.Sockets.Send_Socket - (Socket => Chan.Socket, Item => Send_Data, Last => Last, + (Socket => Chan.Socket, Item => Send_Data, Last => Unused_Last, To => Address); end Send; end Socket; diff --git a/examples/apps/dccp/common/socket.ads b/examples/apps/dccp/src/socket.ads similarity index 100% rename from examples/apps/dccp/common/socket.ads rename to examples/apps/dccp/src/socket.ads diff --git a/examples/apps/dccp/tests/run b/examples/apps/dccp/tests/run new file mode 100755 index 000000000..44aab0332 --- /dev/null +++ b/examples/apps/dccp/tests/run @@ -0,0 +1,14 @@ +#!/bin/bash + +set -x + +build/obj/dccp_server & +SERVER_PID=$! + +timeout 3 build/obj/dccp_client +SUCCESS=$? + +kill -9 $SERVER_PID +exit $SUCCESS + +trap "kill -9 $SERVER_PID" SIGINT SIGTERM EXIT diff --git a/examples/apps/dccp/rflx/test/valid/10_DATA-ACK_Seq_5_ACK_3.raw b/examples/apps/dccp/tests/samples/valid/10_DATA-ACK_Seq_5_ACK_3.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/10_DATA-ACK_Seq_5_ACK_3.raw rename to examples/apps/dccp/tests/samples/valid/10_DATA-ACK_Seq_5_ACK_3.raw diff --git a/examples/apps/dccp/rflx/test/valid/1_REQUEST_Service_Not_Specified.raw b/examples/apps/dccp/tests/samples/valid/1_REQUEST_Service_Not_Specified.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/1_REQUEST_Service_Not_Specified.raw rename to examples/apps/dccp/tests/samples/valid/1_REQUEST_Service_Not_Specified.raw diff --git a/examples/apps/dccp/rflx/test/valid/2_RESPONSE_Service_Not_Specified.raw b/examples/apps/dccp/tests/samples/valid/2_RESPONSE_Service_Not_Specified.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/2_RESPONSE_Service_Not_Specified.raw rename to examples/apps/dccp/tests/samples/valid/2_RESPONSE_Service_Not_Specified.raw diff --git a/examples/apps/dccp/rflx/test/valid/3_ACK_Seq_1.raw b/examples/apps/dccp/tests/samples/valid/3_ACK_Seq_1.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/3_ACK_Seq_1.raw rename to examples/apps/dccp/tests/samples/valid/3_ACK_Seq_1.raw diff --git a/examples/apps/dccp/rflx/test/valid/4_DATA-ACK_Seq_2.raw b/examples/apps/dccp/tests/samples/valid/4_DATA-ACK_Seq_2.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/4_DATA-ACK_Seq_2.raw rename to examples/apps/dccp/tests/samples/valid/4_DATA-ACK_Seq_2.raw diff --git a/examples/apps/dccp/rflx/test/valid/5058_CLOSE_Seq_5002_ACK_52.raw b/examples/apps/dccp/tests/samples/valid/5058_CLOSE_Seq_5002_ACK_52.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/5058_CLOSE_Seq_5002_ACK_52.raw rename to examples/apps/dccp/tests/samples/valid/5058_CLOSE_Seq_5002_ACK_52.raw diff --git a/examples/apps/dccp/rflx/test/valid/5060_RESET_Seq_54_ACK_5002.raw b/examples/apps/dccp/tests/samples/valid/5060_RESET_Seq_54_ACK_5002.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/5060_RESET_Seq_54_ACK_5002.raw rename to examples/apps/dccp/tests/samples/valid/5060_RESET_Seq_54_ACK_5002.raw diff --git a/examples/apps/dccp/rflx/test/valid/5_DATA-ACK_Seq_3.raw b/examples/apps/dccp/tests/samples/valid/5_DATA-ACK_Seq_3.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/5_DATA-ACK_Seq_3.raw rename to examples/apps/dccp/tests/samples/valid/5_DATA-ACK_Seq_3.raw diff --git a/examples/apps/dccp/rflx/test/valid/6_ACK_Seq_1_ACK_2.raw b/examples/apps/dccp/tests/samples/valid/6_ACK_Seq_1_ACK_2.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/6_ACK_Seq_1_ACK_2.raw rename to examples/apps/dccp/tests/samples/valid/6_ACK_Seq_1_ACK_2.raw diff --git a/examples/apps/dccp/rflx/test/valid/7_ACK_Seq_2_ACK_3.raw b/examples/apps/dccp/tests/samples/valid/7_ACK_Seq_2_ACK_3.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/7_ACK_Seq_2_ACK_3.raw rename to examples/apps/dccp/tests/samples/valid/7_ACK_Seq_2_ACK_3.raw diff --git a/examples/apps/dccp/rflx/test/valid/8_DATA-ACK_Seq_4_ACK_2.raw b/examples/apps/dccp/tests/samples/valid/8_DATA-ACK_Seq_4_ACK_2.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/8_DATA-ACK_Seq_4_ACK_2.raw rename to examples/apps/dccp/tests/samples/valid/8_DATA-ACK_Seq_4_ACK_2.raw diff --git a/examples/apps/dccp/rflx/test/valid/9_ACK_Seq_3_ACK_4.raw b/examples/apps/dccp/tests/samples/valid/9_ACK_Seq_3_ACK_4.raw similarity index 100% rename from examples/apps/dccp/rflx/test/valid/9_ACK_Seq_3_ACK_4.raw rename to examples/apps/dccp/tests/samples/valid/9_ACK_Seq_3_ACK_4.raw