A.18 Containers

danger

This Reference Manual output has not been verified, and may contain omissions or errors. Report any problems on the tracking issue

1/2

This clause presents the specifications of the package Containers and several child packages, which provide facilities for storing collections of elements.

1.a.1/3

glossary entry

A container is an object that contain other objects all of the same type, which could be class-wide. Several predefined container types are provided by the children of package Ada.Containers (see A.18.1).

2 3/5

A variety of sequence and associative containers are provided. Each container package defines a cursor type as well as a container type. A cursor is a reference to an element within a container. Many operations on cursors are common to all of the containers. A cursor referencing an element in a container is considered to be overlapping only with the element itself.

3.a/5

reason

The last sentence is intended to clarify that operations that just use a cursor do not interfere if the cursor objects designated different elements of the container in terms of the concurrent call rules of Annex A.

3.b/5

ramification

A cursor is not considered to overlap with other elements of the associated container, thus parallel operations involving a set of cursors each operating on mutually exclusive sets of elements from the same container are expected to work.

3.c/5

discussion

We use the term “container” alone when it is clear from context what kind of entity (package, type, or object) that we are talking about. Otherwise, we use “container package”, “container type”, or “container object”. Note that "container type" is defined in 4.3.5 for a different usage; in all of A.18 we mean “container type” to be one of the primary types declared in the child packages of package Containers, such as Vector, List, or Map.

3.1/5

Some operations of the language-defined child units of Ada.Containers have access-to-subprogram parameters. To ensure such operations are well-defined, they guard against certain actions by the designated subprogram. An action on a container that can add or remove an element is considered to tamper with cursors, and these are prohibited during all such operations. An action on a container that can replace an element with one of a different size is considered to tamper with elements, and these are prohibited during certain of such operations. The details of the specific actions that are considered to tamper with cursors or elements are defined for each child unit of Ada.Containers.

3.2/5

Several of the language-defined child units of Ada.Containers include a nested package named Stable, which provides a view of a container that prohibits any operations that would tamper with elements. By using a Stable view for manipulating a container, the number of tampering checks performed while performing the operations can be reduced. The details of the Stable subpackage are defined separately for each child unit of Ada.Containers that includes such a nested package.

4/2

Within this clause we provide O(X). Presuming f is some function of a length parameter N and t(N) is the time the operation takes (on average or worst case, as specified) for the length N, a complexity of O(f(N)) means that there exists a finite A such that for any N, t(N)/f(N) < A.

4.a/2

discussion

Of course, an implementation can do better than a specified O(f(N)): for example, O(1) meets the requirements for O(log N).

4.b/2

note

This concept seems to have as many names as there are authors. We used “Landau symbol” because that's what our reference does. But we'd also seen this referred as big-O notation (sometimes written as big-oh), and as Bachmann notation. Whatever the name, it always has the above definition.

5/2

If the advice suggests that the complexity should be less than O(f(N)), then for any arbitrarily small positive real D, there should exist a positive integer M such that for all N > M, t(N)/f(N) < D.

6/5

When a formal function is used to provide an ordering for a container, it is generally required to define a strict weak ordering. A function "<" defines a strict weak ordering if it is irreflexive, asymmetric, transitive, and in addition, if x < y for any values x and y, then for all other values z, (x < z) or (z < y). Elements are in a smallest first order using such an operator if, for every element y with a predecessor x in the order, (y < x) is false.

6.a.1/5

reason

Given a "<" operator that provides a strict weak ordering, knowing that (y < x) is false is enough to know that (x <= y) is true. For a strict weak ordering, (x = y) when both (x < y) and (y < x) are false. Therefore, it is not necessary to use the "=" operator or test (x < y). We only need to discuss adjacent elements since a strict weak ordering is transitive.

Language Design Principles

6.a/3

note

This subclause provides a number of useful containers for Ada. Only the most useful containers are provided. Ones that are relatively easy to code, redundant, or rarely used are omitted from this set, even if they are generally included in containers libraries.

6.b/2

note

The containers packages are modeled on the Standard Template Library (STL), an algorithms and data structure library popularized by Alexander Stepanov, and included in the C++ standard library. The structure and terminology differ from the STL where that better maps to common Ada usage. For instance, what the STL calls “iterators” are called “cursors” here.

6.c/2

note

The following major nonlimited containers are provided:

6.d/2

(Expandable) Vectors of any nonlimited type;

6.e/2

Doubly-linked Lists of any nonlimited type;

6.f/2

Hashed Maps keyed by any nonlimited hashable type, and containing any nonlimited type;

6.g/2

Ordered Maps keyed by any nonlimited ordered type, and containing any nonlimited type;

6.h/3

Hashed Sets of any nonlimited hashable type;

6.i/3

Ordered Sets of any nonlimited ordered type;

6.i.1/3

Multiway Trees of any nonlimited type;

6.i.2/3

Holders of any (indefinite) nonlimited type;

6.i.3/3

Synchronized queues of any definite nonlimited type; and

6.i.4/3

Priority queues of any definite nonlimited type.

6.j/3

note

Separate versions for definite and indefinite element types are provided, as those for definite types can be implemented more efficiently. Similarly, a separate bounded version is provided in order to give more predictable memory usage.

6.k/2

note

Each container includes a cursor, which is a reference to an element within a container. Cursors generally remain valid as long as the container exists and the element referenced is not deleted. Many operations on cursors are common to all of the containers. This makes it possible to write generic algorithms that work on any kind of container.

6.l/2

note

The containers packages are structured so that additional packages can be added in the future. Indeed, we hope that these packages provide the basis for a more extensive secondary standard for containers.

6.m/2

note

If containers with similar functionality (but different performance characteristics) are provided (by the implementation or by a secondary standard), we suggest that a prefix be used to identify the class of the functionality: "Ada.Containers.Bounded_Sets" (for a set with a maximum number of elements); "Ada.Containers.Protected_Maps" (for a map which can be accessed by multiple tasks at one time); "Ada.Containers.Persistent_Vectors" (for a persistent vector which continues to exist between executions of a program) and so on.

6.n/2

note

Note that the language already includes several requirements that are important to the use of containers. These include:

6.o/5

Library packages must allow concurrent calls – multiple tasks can use the packages as long as they operate on separate containers. Thus, it is only necessary for a user to protect a container if a single container needs to be used by multiple tasks and concurrent calls to operations of the container have overlapping parameters.

6.p/2

Language-defined types must stream "properly". That means that the stream attributes can be used to implement persistence of containers when necessary, and containers can be passed between partitions of a program.

6.q/2

Equality of language-defined types must compose “properly”. This means that the version of "=" directly used by users is the same one that will be used in generics and in predefined equality operators of types with components of the containers and/or cursors. This prevents the abstraction from breaking unexpectedly.

6.q.1/3

Redispatching is not allowed (unless it is required). That means that overriding a container operation will not change the behavior of any other predefined container operation. This provides a stable base for extensions.

6.r/5

note

If a container's element type is controlled, the point at which the element is finalized will depend on the implementation of the container. For certain kinds of containers, we require finalization behavior based on the canonical implementation of the container (see the Implementation Requirements below). For the "normal" containers, we do not specify precisely where this will happen (it will happen no later than the finalization of the container, of course) in order to give implementations flexibility to cache, block, split , or reusethe nodes of the container.

6.s/5

note

This paragraph was deleted.

6.t/2

note

The use of controlled types also brings up the possibility of failure of finalization (and thus deallocation) of an element. This is a “serious bug”, as AI95-179 puts it, so we don't try to specify what happens in that case. The implementation should propagate the exception.

6.u/2

implementation note

It is expected that exceptions propagated from these operations do not damage containers. That is, if Storage_Error is propagated because of an allocation failure, or Constraint_Error is propagated by the assignment of elements, the container can continue to be used without further exceptions. The intent is that it should be possible to recover from errors without losing data. We don't try to state this formally in most cases, because it is hard to define precisely what is and is not allowed behavior.

6.v/5

implementation note

When this clause says that the behavior of something is unspecified, we really mean that any result of executing Ada code short of erroneous execution is allowed. We do not mean that memory not belonging to the parameters of the operation can be trashed. When we mean to allow erroneous behavior, we specifically say that execution is erroneous. All this means that, if the containers are written in Ada, checks should not be suppressed or removed assuming some behavior of other code, and that the implementation should take care to avoid creating internal dangling accesses by assuming behavior from generic formals that can't be guaranteed. We don't try to say this normatively because it would be fairly complex, and implementers are unlikely to increase their support costs by fielding implementations that are unstable if given buggy hash functions, et al.

Static Semantics

7/4

Certain subprograms declared within instances of some of the generic packages presented in this clause are said to perform indefinite insertion. These subprograms are those corresponding (in the sense of the copying described in subclause 12.3) to subprograms that have formal parameters of a generic formal indefinite type and that are identified as performing indefinite insertion in the subclause defining the generic package.

8/4

If a subprogram performs indefinite insertion, then certain run-time checks are performed as part of a call to the subprogram; if any of these checks fail, then the resulting exception is propagated to the caller and the container is not modified by the call. These checks are performed for each parameter corresponding (in the sense of the copying described in 12.3) to a parameter in the corresponding generic whose type is a generic formal indefinite type. The checks performed for a given parameter are those checks explicitly specified in subclause 4.8 that would be performed as part of the evaluation of an initialized allocator whose access type is declared immediately within the instance, where:

9/4

the value of the qualified_expression is that of the parameter; and

10/4

the designated subtype of the access type is the subtype of the parameter; and

11/4

finalization of the collection of the access type has started if and only if the finalization of the instance has started.

11.a/4

discussion

The phrase "explicitly specified" means those checks for which subclause 4.8 includes the phrase "<some exception> is raised if ...". It does not refer, for example, to any checks performed as part of any subtype conversion. In particular, this wording includes the checks described in subclause 4.8 to be performed in the case of a class-wide designated type, and of a designated subtype that has access discriminant parts. These checks are needed to prevent containers from outliving their contained (Element_Type or Key_Type) values.

11.b/4

implementation note

These rules have a dual purpose. Mainly, we are requiring checks needed to prevent dangling references. As a side effect, we are also allowing checks needed to permit an implementation of a container generic to make use of access types in a straightforward way. As an example of the second purpose, suppose that an implementation does declare such an access type and suppose further that the finalization of the collection of the access type has started. These rules allow Program_Error to be propagated in this case (as specified in 4.8); this is necessary to allow an all-Ada implementation of these packages.

Implementation Requirements

12/5

For an indefinite container (one whose type is defined in an instance of a child package of Containers whose defining_identifier contains "Indefinite"), each element of the container shall be created when it is inserted into the container and finalized when it is deleted from the container (or when the container object is finalized if the element has not been deleted). For a bounded container (one whose type is defined in an instance of a child package of Containers whose defining_identifier starts with "Bounded") that is not an indefinite container, all of the elements of the capacity of the container shall be created and default initialized when the container object is created; the elements shall be finalized when the container object is finalized. [For other kinds of containers, when elements are created and finalized is unspecified.]

12.a/5

ramification

This allows a user to be able to reason about the behavior of elements that have controlled parts. In most cases, such elements need to be stored in an indefinite container.

12.b/5

implementation note

If the containers are implemented in Ada, this implies that elements for an indefinite container are allocated individually, and that a bounded container contains an array of elements or other data structure that is initialized for the entire capacity of the container when it is created. There is no such restriction on the implementation of the "normal" containers; these can be handled in any way convenient to the implementation — in particular, node reuse is allowed.

13/5

For an instance I of a container package with a container type, the specific type T of the object returned from a function that returns an object of an iterator interface, as well as the primitive operations of T, shall be nonblocking. The Global aspect specified for T and the primitive operations of T shall be (in all, out synchronized) or a specification that allows access to fewer global objects.

13.a/5

implementation note

This requires that the traversal and iteration operations of a container do not create, destroy, or assign any objects of a formal type of I, nor call any formal subprograms of I. Those objects and subprograms might be blocking (depending on the actual parameters). We put similar requirements on the individual traversal operations in the container package definitions.

13.b/5

reason

These requirements allows users to use container iterators inside of parallel constructs, regardless of the actual parameters to the instantiation. If such an iterator allowed blocking, it would be illegal inside of a parallel construct (see 9.5). If such an iterator allowed writing of unsynchronized global objects, it would be illegal when the default conflict checking policy is in effect (see 9.10.1). These requirements include sequential iterators; the iterator does not need to appear in a parallel loop to trigger these requirements.

13.c/5

discussion

We have to give these requirements as a text rule, as there is no place to declare suitable aspects. The specific type of a container iterator is declared by the implementation and is not part of the visible specification (iterator functions just return a value of a class-wide type). The iterator interface itself cannot impose such a requirement since it needs to be able to work with user-defined types that do need to allow blocking. We give this as a global requirement to avoid duplication.

Extensions to Ada 95

13.d/3

note

This subclause is new. It just provides an introduction to the following subclauses.

Wording Changes from Ada 2005

13.e/3

correction

Added a definition of strict weak ordering.

Extensions to Ada 2012

13.f/5

correction

We now say that a cursor only overlaps with the element it designates, rather than with the whole container. This allows some reading operations to operate on the container in parallel without separate synchronization.

Wording Changes from Ada 2012

13.g/4

note

Corrigendum: Added a definition of “performs indefinite insertion”. This is used in other subclauses and any resulting inconsistencies are documented there.

13.h/5

note

Moved the basic description of tampering checks here, to cut duplication in description of the individual containers. Added a description of stable views of containers.

13.i/5

note

Added a global requirement that iterators returned from containers are nonblocking if the instance is nonblocking.

13.j/5

correction

Defined when objects are created and finalized for Bounded and Indefinite containers, so that these can be used reliably with controlled element types. This is not incompatible as this behavior was previously unspecified; code depending on specific behavior was wrong.

13.k/5

note

Added a definition of “smallest first” ordering, so that the behavior of the Sort procedures when elements are equal is well-defined.

A.18.1 The Package Containers

1/2

The package Containers is the root of the containers subsystem.

Static Semantics

2/2

The library package Containers has the following declaration:

3/5

package Ada.Containers 
   with  Pure is 
4/2type Hash_Type is mod implementation-defined;
5/2type Count_Type is range 0 .. implementation-defined;
5.1/3
Capacity_Error : exception;
6/2end Ada.Containers;

7/2

Hash_Type represents the range of the result of a hash function. Count_Type represents the (potential or actual) number of elements of a container.

7.a/2

implementation defined

The value of Containers.Hash_Type'Modulus. The value of Containers.Count_Type'Last.

7.1/3

Capacity_Error is raised when the capacity of a container is exceeded.

Implementation Advice

8/2

Hash_Type'Modulus should be at least 2**32. Count_Type'Last should be at least 2**31–1.

8.a/2

implementation advice

Containers.Hash_Type'Modulus should be at least 2**32. Containers.Count_Type'Last should be at least 2**31–1.

8.b/2

discussion

This is not a requirement so that these types can be declared properly on machines with native sizes that are not 32 bits. For instance, a 24-bit target could use 2**24 for Hash_Type'Modulus.

Extensions to Ada 95

8.c/2

note

The package Containers is new.

Incompatibilities With Ada 2005

8.d/3

note

Exception Capacity_Error is added to Containers. If Containers is referenced in a use_clause, and an entity with the name Capacity_Error is defined in a package that is also referenced in a use_clause, the entity Capacity_Error may no longer be use-visible, resulting in errors. This should be rare and is easily fixed if it does occur.

A.18.2 The Generic Package Containers.Vectors

1/2

The language-defined generic package Containers.Vectors provides private types Vector and Cursor, and a set of operations for each type. A vector container allows insertion and deletion at any position, but it is specifically optimized for insertion and deletion at the high end (the end with the higher index) of the container. A vector container also provides random access to its elements.

2/2

A vector container behaves conceptually as an array that expands as necessary as items are inserted. The length of a vector is the number of elements that the vector contains. The capacity of a vector is the maximum number of elements that can be inserted into the vector prior to it being automatically expanded.

3/2

Elements in a vector container can be referred to by an index value of a generic formal type. The first element of a vector always has its index value equal to the lower bound of the formal type.

4/2

A vector container may contain empty elements. Empty elements do not have a specified value.

4.a/2

implementation note

Vectors are not intended to be sparse (that is, there are elements at all defined positions). Users are expected to use other containers (like a Map) when they need sparse structures (there is a Note to this effect at the end of this subclause).

4.b/2

note

The internal array is a conceptual model of a vector. There is no requirement for an implementation to be a single contiguous array.

Static Semantics

5/2

The generic library package Containers.Vectors has the following declaration:

6/5

with Ada.Iterator_Interfaces;
generic
   type Index_Type is range <>;
   type Element_Type is private;
   with function "=" (Left, Right : Element_Type)
      return Boolean is <>;
package Ada.Containers.Vectors 
   with Preelaborate, Remote_Types,
        Nonblocking, Global => in out synchronized is 

6.a/5

discussion

For the Global aspect, any side-effects of the actual parameters of an instance are ignored. So Global => in out synchronized means that the only global side-effects allowed are associated with the actual generic parameters of the instance or with any synchronized state. Unsynchronized package state is not allowed for any container package, and pure packages do not allow any package state at all (they typically have Global => null).

6.b/5

note

Similarly, when Nonblocking is set to True for a generic unit, it still includes the blocking effects of the actual parameters to the instance. Thus, the only blocking allowed is that associated with the actual generic parameters. If none of the actual paramerters allow blocking, then no operation of the generic instance may block.

7/2

subtype Extended_Index is
      Index_Type'Base range
         Index_Type'First-1 ..
         Index_Type'Min (Index_Type'Base'Last - 1, Index_Type'Last) + 1;
   No_Index : constant Extended_Index := Extended_Index'First;

7.a/5

ramification

The base type of a scalar type is always nonblocking and has Global => null. Therefore, so long as this type is used in the implementation, whether or not the actual type for Index_Type allows blocking or side-effects does not matter. Therefore, we require that operations that only operate on the container implementation be nonblocking and have Global => null regardless of the actual parameters.

8/5

type Vector is tagged private
      with Constant_Indexing => Constant_Reference,
           Variable_Indexing => Reference,
           Default_Iterator  => Iterate,
           Iterator_Element  => Element_Type,
           Iterator_View     => Stable.Vector,
           Aggregate         => (Empty          => Empty,
                                 Add_Unnamed    => Append,
                                 New_Indexed    => New_Vector,
                                 Assign_Indexed => Replace_Element),
           Stable_Properties => (Length, Capacity,
                                 Tampering_With_Cursors_Prohibited,
                                 Tampering_With_Elements_Prohibited),
           Default_Initial_Condition =>
              Length (Vector) = 0 and then
              (not Tampering_With_Cursors_Prohibited (Vector)) and then
              (not Tampering_With_Elements_Prohibited (Vector)), 
            Preelaborable_Initialization ;
9/5
type Cursor is private 
      with  Preelaborable_Initialization ;
10/2Empty_Vector : constant Vector;
11/2No_Element : constant Cursor;
11.1/5
function Has_Element (Position : Cursor) return Boolean
      with Nonblocking, Global => in all, Use_Formal => null;

11.a/5

discussion

Any operation that takes a cursor but no vector can read the vector associated with the cursor. We only know that there is some object of type Vector. Since we don't have a global specification that describes all objects of a specific type, we have to allow reading any object by specifying in all. For such functions, we don't allow writing any object, even those associated with generic formal parameters, thus we also specify Use_Formal => null.

11.2/5

function Has_Element (Container : Vector; Position : Cursor)
      return Boolean
      with Nonblocking, Global => null, Use_Formal => null;

11.b/5

discussion

For operations that do not depend on any of the operations of the generic formal parameters (including those of formal types), we specify that the operation has no side-effects of any kind. This requires specifying that there is no dependence on the generic formal parameters with Use_Formal => null in addition to no usual side-effects with null. We also specify Nonblocking on such operations in order that the operation never blocks even if some of the actual parameters allow blocking.

11.3/5

package Vector_Iterator_Interfaces is new
       Ada.Iterator_Interfaces (Cursor, Has_Element);
12/2function "=" (Left, Right : Vector) return Boolean;
12.1/5
function Tampering_With_Cursors_Prohibited
      (Container : Vector) return Boolean
      with Nonblocking, Global => null, Use_Formal => null;
12.2/5
function Tampering_With_Elements_Prohibited
      (Container : Vector) return Boolean
      with Nonblocking, Global => null, Use_Formal => null;
12.3/5
function Maximum_Length return Count_Type
      with Nonblocking, Global => null, Use_Formal => null;
12.4/5
function Empty (Capacity : Count_Type := implementation-defined)
      return Vector
      with Pre  => Capacity <= Maximum_Length
                      or else raise Constraint_Error,
           Post =>
              Capacity (Empty'Result) >= Capacity and then
              not Tampering_With_Elements_Prohibited (Empty'Result) and then
              not Tampering_With_Cursors_Prohibited (Empty'Result) and then
              Length (Empty'Result) = 0;
13/5
function To_Vector (Length : Count_Type) return Vector
      with Pre  => Length <= Maximum_Length or else raise Constraint_Error,
           Post =>
              To_Vector'Result.Length = Length and then
              not Tampering_With_Elements_Prohibited (To_Vector'Result)
                and then
              not Tampering_With_Cursors_Prohibited (To_Vector'Result)
                and then
              To_Vector'Result.Capacity >= Length;
14/5
function To_Vector
     (New_Item : Element_Type;
      Length   : Count_Type) return Vector
      with Pre  => Length <= Maximum_Length or else raise Constraint_Error,
           Post =>
              To_Vector'Result.Length = Length and then
              not Tampering_With_Elements_Prohibited (To_Vector'Result)
                and then
              not Tampering_With_Cursors_Prohibited (To_Vector'Result)
                and then
              To_Vector'Result.Capacity >= Length;
14.1/5
function New_Vector (First, Last : Index_Type) return Vector is
        (To_Vector (Count_Type (Last - First + 1)))
     with Pre => First = Index_Type'First;
15/5
function "&" (Left, Right : Vector) return Vector
      with Pre  => Length (Left) <= Maximum_Length - Length (Right)
                     or else raise Constraint_Error,
           Post => Length (Vectors."&"'Result) =
                     Length (Left) + Length (Right) and then
                   not Tampering_With_Elements_Prohibited
                     (Vectors."&"'Result) and then
                   not Tampering_With_Cursors_Prohibited
                     (Vectors."&"'Result) and then
                   Vectors."&"'Result.Capacity >= 
                     Length (Left) + Length (Right);
16/5
function "&" (Left  : Vector;
                 Right : Element_Type) return Vector
      with Pre  => Length (Left) <= Maximum_Length - 1
                     or else raise Constraint_Error,
           Post => Vectors."&"'Result.Length = Length (Left) + 1 and then
                   not Tampering_With_Elements_Prohibited
                     (Vectors."&"'Result) and then
                   not Tampering_With_Cursors_Prohibited
                     (Vectors."&"'Result) and then
                   Vectors."&"'Result.Capacity >= Length (Left) + 1;
17/5
function "&" (Left  : Element_Type;
                 Right : Vector) return Vector
      with Pre  => Length (Right) <= Maximum_Length - 1
                     or else raise Constraint_Error,
           Post => Length (Vectors."&"'Result) = Length (Right) + 1 and then
                   not Tampering_With_Elements_Prohibited
                     (Vectors."&"'Result) and then
                   not Tampering_With_Cursors_Prohibited
                     (Vectors."&"'Result) and then
                   Vectors."&"'Result.Capacity >= Length (Right) + 1;
18/5
function "&" (Left, Right  : Element_Type) return Vector
      with Pre  => Maximum_Length >= 2 or else raise Constraint_Error,
           Post => Length ("&"'Result) = 2 and then
                   not Tampering_With_Elements_Prohibited
                     (Vectors."&"'Result) and then
                   not Tampering_With_Cursors_Prohibited
                     (Vectors."&"'Result) and then
                   Vectors."&"'Result.Capacity >= 2;
19/5
function Capacity (Container : Vector) return Count_Type
      with Nonblocking, Global => null, Use_Formal => null;
20/5
procedure Reserve_Capacity (Container : in out Vector;
                               Capacity  : in     Count_Type)
      with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error,
           Post => Container.Capacity >= Capacity;
21/5
function Length (Container : Vector) return Count_Type
      with Nonblocking, Global => null, Use_Formal => null;
22/5
procedure Set_Length (Container : in out Vector;
                         Length    : in     Count_Type)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Length <= Maximum_Length
                      or else raise Constraint_Error),
           Post => Container.Length = Length and then
                   Capacity (Container) >= Length;
23/5
function Is_Empty (Container : Vector) return Boolean
      with Nonblocking, Global => null, Use_Formal => null,
           Post => Is_Empty'Result = (Length (Container) = 0);
24/5
procedure Clear (Container : in out Vector)
      with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                       or else raise Program_Error,
           Post => Length (Container) = 0;
25/5
function To_Cursor (Container : Vector;
                       Index     : Extended_Index) return Cursor
      with Post => (if Index in
                      First_Index (Container) .. Last_Index (Container)
                    then Has_Element (Container, To_Cursor'Result)
                    else To_Cursor'Result = No_Element),
           Nonblocking, Global => null, Use_Formal => null;
26/5
function To_Index (Position  : Cursor) return Extended_Index
      with Nonblocking, Global => in all;
26.1/5
function To_Index (Container : Vector;
                      Position  : Cursor) return Extended_Index
      with Pre  => Position = No_Element or else
                   Has_Element (Container, Position) or else
                      raise Program_Error,
           Post => (if Position = No_Element then To_Index'Result = No_Index
                    else To_Index'Result in First_Index (Container) ..
                           Last_Index (Container)),
           Nonblocking, Global => null, Use_Formal => null;
27/5
function Element (Container : Vector;
                     Index     : Index_Type)
      return Element_Type
      with Pre  => Index in
                        First_Index (Container) .. Last_Index (Container)
                      or else raise Constraint_Error,
           Nonblocking, Global => null, Use_Formal => Element_Type;

27.a/5

discussion

Here the Nonblocking and Global contracts are saying that Element depends on the properties of the actual for Element_Type, but not on the properties of the actuals for Index_Type or "=". This is necessary as copying the element may require calling Adjust and Finalize for the actual Element_Type, and those may have side-effects or block.

28/5

function Element (Position : Cursor) return Element_Type
      with Pre  => Position /= No_Element or else raise Constraint_Error,
           Nonblocking, Global => in all, Use_Formal => Element_Type;
28.1/5
function Element (Container : Vector;
                     Position  : Cursor) return Element_Type
      with Pre => (Position /= No_Element or else
                      raise Constraint_Error) and then
                   (Has_Element (Container, Position)
                      or else raise Program_Error),
           Nonblocking, Global => null, Use_Formal => Element_Type;
29/5
procedure Replace_Element (Container : in out Vector;
                              Index     : in     Index_Type;
                              New_Item  : in     Element_Type)
      with Pre => (not Tampering_With_Elements_Prohibited (Container)
                     or else raise Program_Error) and then
                  (Index in
                     First_Index (Container) .. Last_Index (Container)
                     or else raise Constraint_Error);
30/5
procedure Replace_Element (Container : in out Vector;
                              Position  : in     Cursor;
                              New_item  : in     Element_Type)
      with Pre  => (not Tampering_With_Elements_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Position /= No_Element
                      or else raise Constraint_Error) and then
                   (Has_Element (Container, Position)
                      or else raise Program_Error);
31/5
procedure Query_Element
     (Container : in Vector;
      Index     : in Index_Type;
      Process   : not null access procedure (Element : in Element_Type))
      with Pre  => Index in
                      First_Index (Container) .. Last_Index (Container)
                      or else raise Constraint_Error;
32/5
procedure Query_Element
     (Position : in Cursor;
      Process  : not null access procedure (Element : in Element_Type))
      with Pre  => Position /= No_Element or else raise Constraint_Error,
           Global => in all;
32.1/5
procedure Query_Element
     (Container : in Vector;
      Position  : in Cursor;
      Process   : not null access procedure (Element : in Element_Type))
      with Pre  => (Position /= No_Element
                       or else raise Constraint_Error) and then
                    (Has_Element (Container, Position)
                       or else raise Program_Error);
33/5
procedure Update_Element
     (Container : in out Vector;
      Index     : in     Index_Type;
      Process   : not null access procedure
                      (Element : in out Element_Type))
      with Pre  => Index in
                      First_Index (Container) .. Last_Index (Container)
                      or else raise Constraint_Error;
34/5
procedure Update_Element
     (Container : in out Vector;
      Position  : in     Cursor;
      Process   : not null access procedure
                      (Element : in out Element_Type))
      with Pre  => (Position /= No_Element
                      or else raise Constraint_Error) and then
                    (Has_Element (Container, Position)
                      or else raise Program_Error);
34.1/5
type Constant_Reference_Type
         (Element : not null access constant Element_Type) is private
      with Implicit_Dereference => Element,
           Nonblocking, Global => in out synchronized,
           Default_Initial_Condition => (raise Program_Error);

34.a/5

discussion

Finalization of this type will update the tampering counter of an associated container. We know this has to be an object of type Vector, but we don't have a way to specify that. We need this separate Global in case an object of this type is declared to exist separately from the short-lived object associated with a call of the Constant_Reference function.

34.2/5

type Reference_Type (Element : not null access Element_Type) is private
      with Implicit_Dereference => Element,
           Nonblocking, Global => in out synchronized,
           Default_Initial_Condition => (raise Program_Error);
34.3/5
function Constant_Reference (Container : aliased in Vector;
                                Index     : in Index_Type)
      return Constant_Reference_Type
      with Pre    => Index in
                        First_Index (Container) .. Last_Index (Container)
                        or else raise Constraint_Error,
           Post   => Tampering_With_Cursors_Prohibited (Container),
           Nonblocking, Global => null, Use_Formal => null;
34.4/5
function Reference (Container : aliased in out Vector;
                       Index     : in Index_Type)
      return Reference_Type
      with Pre    => Index in
                        First_Index (Container) .. Last_Index (Container)
                        or else raise Constraint_Error,
           Post   => Tampering_With_Cursors_Prohibited (Container),
           Nonblocking, Global => null, Use_Formal => null;
34.5/5
function Constant_Reference (Container : aliased in Vector;
                                Position  : in Cursor)
      return Constant_Reference_Type
      with Pre  => (Position /= No_Element
                       or else raise Constraint_Error) and then
                    (Has_Element (Container, Position)
                       or else raise Program_Error),
           Post   => Tampering_With_Cursors_Prohibited (Container),
           Nonblocking, Global => null, Use_Formal => null;
34.6/5
function Reference (Container : aliased in out Vector;
                       Position  : in Cursor)
      return Reference_Type
      with Pre  => (Position /= No_Element
                       or else raise Constraint_Error) and then
                    (Has_Element (Container, Position)
                       or else raise Program_Error),
           Post   => Tampering_With_Cursors_Prohibited (Container),
           Nonblocking, Global => null, Use_Formal => null;
34.7/5
procedure Assign (Target : in out Vector; Source : in Vector)
      with Pre  => not Tampering_With_Cursors_Prohibited (Target)
                      or else raise Program_Error,
           Post => Length (Source) = Length (Target) and then
                   Capacity (Target) >= Length (Target);
34.8/5
function Copy (Source : Vector; Capacity : Count_Type := 0)
      return Vector
      with Pre => Capacity = 0 or else Capacity >= Length (Source)
                      or else raise Capacity_Error,
           Post => Length (Copy'Result) = Length (Source) and then
                   not Tampering_With_Elements_Prohibited (Copy'Result)
                      and then
                   not Tampering_With_Cursors_Prohibited (Copy'Result)
                      and then
                   Copy'Result.Capacity >= (if Capacity = 0 then
                      Length (Source) else Capacity);
35/5
procedure Move (Target : in out Vector;
                   Source : in out Vector)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Target)
                       or else raise Program_Error) and then
                   (not Tampering_With_Cursors_Prohibited (Source)
                       or else raise Program_Error),
           Post => (if not Target'Has_Same_Storage (Source) then
                       Length (Target) = Length (Source)'Old and then
                       Length (Source) = 0 and then
                       Capacity (Target) >= Length (Source)'Old);
36/5
procedure Insert_Vector  (Container : in out Vector;
                            Before    : in     Extended_Index;
                            New_Item  : in     Vector)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before in
                      First_Index (Container) .. Last_Index (Container) + 1
                      or else raise Constraint_Error) and then
                   (Length (Container) <= Maximum_Length - Length (New_Item)
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Length (New_Item) =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
37/5
procedure Insert_Vector  (Container : in out Vector;
                            Before    : in     Cursor;
                            New_Item  : in     Vector)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before = No_Element or else
                    Has_Element (Container, Before)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Length (New_Item)
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Length (New_Item) =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
38/5
procedure Insert_Vector  (Container : in out Vector;
                            Before    : in     Cursor;
                            New_Item  : in     Vector;
                            Position  :    out Cursor)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before = No_Element or else
                    Has_Element (Container, Before)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Length (New_Item)
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Length (New_Item) =
                      Length (Container) and then
                   Has_Element (Container, Position) and then
                   Capacity (Container) >= Length (Container);
39/5
procedure Insert (Container : in out Vector;
                     Before    : in     Extended_Index;
                     New_Item  : in     Element_Type;
                     Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before in
                      First_Index (Container) .. Last_Index (Container) + 1
                      or else raise Constraint_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
40/5
procedure Insert (Container : in out Vector;
                     Before    : in     Cursor;
                     New_Item  : in     Element_Type;
                     Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before = No_Element or else
                    Has_Element (Container, Before)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
41/5
procedure Insert (Container : in out Vector;
                     Before    : in     Cursor;
                     New_Item  : in     Element_Type;
                     Position  :    out Cursor;
                     Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before = No_Element or else
                    Has_Element (Container, Before)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count =
                      Length (Container) and then
                   Has_Element (Container, Position) and then
                   Capacity (Container) >= Length (Container);
42/5
procedure Insert (Container : in out Vector;
                     Before    : in     Extended_Index;
                     Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before in
                      First_Index (Container) .. Last_Index (Container) + 1
                      or else raise Constraint_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
43/5
procedure Insert (Container : in out Vector;
                     Before    : in     Cursor;
                     Position  :    out Cursor;
                     Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before = No_Element or else
                    Has_Element (Container, Before)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count = Length (Container)
                   and then Has_Element (Container, Position) and then
                   Capacity (Container) >= Length (Container);
44/5
procedure Prepend_Vector  (Container : in out Vector;
                             New_Item  : in     Vector)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Length (New_Item)
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Length (New_Item) =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
45/5
procedure Prepend (Container : in out Vector;
                      New_Item  : in     Element_Type;
                      Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
46/5
procedure Append_Vector  (Container : in out Vector;
                            New_Item  : in     Vector)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Length (New_Item)
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Length (New_Item) =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
47/5
procedure Append (Container : in out Vector;
                     New_Item  : in     Element_Type;
                     Count     : in     Count_Type )
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                       or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                       or else raise Constraint_Error),
           Post => 
              Length (Container)'Old + Count = Length (Container) and then
              Capacity (Container) >= Length (Container);
47.1/5
procedure Append (Container : in out Vector;
                     New_Item  : in     Element_Type)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                       or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - 1
                       or else raise Constraint_Error),
           Post => Length (Container)'Old + 1 = Length (Container) and then
                   Capacity (Container) >= Length (Container);
48/5
procedure Insert_Space (Container : in out Vector;
                           Before    : in     Extended_Index;
                           Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before in
                      First_Index (Container) .. Last_Index (Container) + 1
                      or else raise Constraint_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count =
                      Length (Container) and then
                   Capacity (Container) >= Length (Container);
49/5
procedure Insert_Space (Container : in out Vector;
                           Before    : in     Cursor;
                           Position  :    out Cursor;
                           Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Before = No_Element or else
                      Has_Element (Container, Before)
                      or else raise Program_Error) and then
                   (Length (Container) <= Maximum_Length - Count
                      or else raise Constraint_Error),
           Post => Length (Container)'Old + Count =
                      Length (Container) and then
                   Has_Element (Container, Position) and then
                   Capacity (Container) >= Length (Container);
50/5
procedure Delete (Container : in out Vector;
                     Index     : in     Extended_Index;
                     Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Index in
                      First_Index (Container) .. Last_Index (Container) + 1
                      or else raise Constraint_Error),
           Post => Length (Container)'Old - Count <=
                      Length (Container);
51/5
procedure Delete (Container : in out Vector;
                     Position  : in out Cursor;
                     Count     : in     Count_Type := 1)
      with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                      or else raise Program_Error) and then
                   (Position /= No_Element
                      or else raise Constraint_Error) and then
                   (Has_Element (Container, Position)
                      or else raise Program_Error),
           Post => Length (Container)'Old - Count <=
                      Length (Container) and then
                   Position = No_Element;
52/5
procedure Delete_First (Container : in out Vector;
                           Count     : in     Count_Type := 1)
      with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                       or else raise Program_Error,
           Post => Length (Container)'Old - Count <= Length (Container);
53/5
procedure Delete_Last (Container : in out Vector;
                          Count     : in     Count_Type := 1)
      with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                       or else raise Program_Error,
           Post => Length (Container)'Old - Count <= Length (Container);
54/5
procedure Reverse_Elements (Container : in out Vector)
      with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                       or else raise Program_Error;
55/5
procedure Swap (Container : in out Vector;
                   I, J      : in     Index_Type)
      with Pre  => (not Tampering_With_Elements_Prohibited (Container)
                       or else raise Program_Error) and then
                  (I in First_Index (Container) .. Last_Index (Container)
                       or else raise Constraint_Error) and then
                  (J in First_Index (Container) .. Last_Index (Container)
                       or else raise Constraint_Error);
56/5
procedure Swap (Container : in out Vector;
                   I, J      : in     Cursor)
      with Pre  => (not Tampering_With_Elements_Prohibited (Container)
                       or else raise Program_Error) and then
                   (I /= No_Element or else Constraint_Error) and then
                   (J /= No_Element or else Constraint_Error) and then
                   (Has_Element (Container, I)
                       or else raise Program_Error) and then
                   (Has_Element (Container, J)
                       or else raise Program_Error);
57/5
function First_Index (Container : Vector) return Index_Type
      with Nonblocking, Global => null, Use_Formal => null,
           Post => First_Index'Result = Index_Type'First;
58/5
function First (Container : Vector) return Cursor
      with Nonblocking, Global => null, Use_Formal => null,
           Post => (if not Is_Empty (Container)
                    then Has_Element (Container, First'Result)
                    else First'Result = No_Element);
59/5
function First_Element (Container : Vector)
      return Element_Type
      with Pre => (not Is_Empty (Container) 
                      or else raise Constraint_Error);
60/5
function Last_Index (Container : Vector) return Extended_Index
      with Nonblocking, Global => null, Use_Formal => null,
           Post => (if Length (Container) = 0
                    then Last_Index'Result = No_Index
                    else Count_Type(Last_Index'Result - Index_Type'First) =
                         Length (Container) - 1);
61/5
function Last (Container : Vector) return Cursor
      with Nonblocking, Global => null, Use_Formal => null,
           Post => (if not Is_Empty (Container)
                    then Has_Element (Container, Last'Result)
                    else Last'Result = No_Element);
62/5
function Last_Element (Container : Vector)
      return Element_Type
      with Pre => (not Is_Empty (Container) 
                      or else raise Constraint_Error);
63/5
function Next (Position : Cursor) return Cursor
      with Nonblocking, Global => in all, Use_Formal => null,
           Post => (if Position = No_Element then Next'Result = No_Element);
63.1/5
function Next (Container : Vector; Position : Cursor) return Cursor
      with Nonblocking, Global => null, Use_Formal => null,
           Pre  => Position = No_Element or else
                   Has_Element (Container, Position)
                       or else raise Program_Error,
           Post => (if Position = No_Element then Next'Result = No_Element
                    elsif Has_Element (Container, Next'Result) then
                       To_Index (Container, Next'Result) =
                       To_Index (Container, Position) + 1
                    elsif Next'Result = No_Element then
                       Position = Last (Container)
                    else False);
64/5
procedure Next (Position : in out Cursor)
      with Nonblocking, Global => in all, Use_Formal => null;
64.1/5
procedure Next (Container : in     Vector;
                   Position  : in out Cursor)
      with Nonblocking, Global => null, Use_Formal => null,
           Pre  => Position = No_Element or else
                   Has_Element (Container, Position)
                       or else raise Program_Error,
           Post => (if Position /= No_Element
                    then Has_Element (Container, Position));
65/5
function Previous (Position : Cursor) return Cursor
      with Nonblocking, Global => in all, Use_Formal => null,
           Post => (if Position = No_Element
                    then Previous'Result = No_Element);
65.1/5
function Previous (Container : Vector;
                      Position  : Cursor) return Cursor
      with Nonblocking, Global => null, Use_Formal => null,
           Pre  => Position = No_Element or else
                   Has_Element (Container, Position)
                       or else raise Program_Error,
           Post => (if Position = No_Element
                    then Previous'Result = No_Element
                    elsif Has_Element (Container, Previous'Result) then
                       To_Index (Container, Previous'Result) =
                       To_Index (Container, Position) - 1
                    elsif Previous'Result = No_Element then
                       Position = First (Container)
                    else False);
66/5
procedure Previous (Position : in out Cursor)
      with Nonblocking, Global => in all, Use_Formal => null;
66.1/5
procedure Previous (Container : in     Vector;
                       Position  : in out Cursor)
      with Nonblocking, Global => null, Use_Formal => null,
           Pre  => Position = No_Element or else
                   Has_Element (Container, Position)
                       or else raise Program_Error,
           Post => (if Position /= No_Element
                    then Has_Element (Container, Position));
67/2function Find_Index (Container : Vector;
                        Item      : Element_Type;
                        Index     : Index_Type := Index_Type'First)
      return Extended_Index;
68/5
function Find (Container : Vector;
                  Item      : Element_Type;
                  Position  : Cursor := No_Element)
      return Cursor
      with Pre  => Position = No_Element or else
                   Has_Element (Container, Position)
                       or else raise Program_Error,
           Post => (if Find'Result /= No_Element
                    then Has_Element (Container, Find'Result));
69/2function Reverse_Find_Index (Container : Vector;
                                Item      : Element_Type;
                                Index     : Index_Type := Index_Type'Last)
      return Extended_Index;
70/5
function Reverse_Find (Container : Vector;
                          Item      : Element_Type;
                          Position  : Cursor := No_Element)
      return Cursor
      with Pre  => Position = No_Element or else
                   Has_Element (Container, Position)
                       or else raise Program_Error,
           Post => (if Reverse_Find'Result /= No_Element
                    then Has_Element (Container, Reverse_Find'Result));
71/2function Contains (Container : Vector;
                      Item      : Element_Type) return Boolean;
72/3
This paragraph was deleted.
73/5
procedure Iterate
     (Container : in Vector;
      Process   : not null access procedure (Position : in Cursor))
      with Allows_Exit;
74/5
procedure Reverse_Iterate
     (Container : in Vector;
      Process   : not null access procedure (Position : in Cursor))
      with Allows_Exit;
74.1/5
function Iterate (Container : in Vector)
      return Vector_Iterator_Interfaces.Parallel_Reversible_Iterator 'Class
      with Post   => Tampering_With_Cursors_Prohibited (Container);
74.2/5
function Iterate (Container : in Vector; Start : in Cursor)
      return Vector_Iterator_Interfaces.Reversible_Iterator'Class
      with Pre    => (Start /= No_Element
                            or else raise Constraint_Error) and then
                        (Has_Element (Container, Start)
                            or else raise Program_Error),
           Post   => Tampering_With_Cursors_Prohibited (Container);
75/5
generic
      with function "<" (Left, Right : Element_Type)
         return Boolean is <>;
   package Generic_Sorting
   with Nonblocking, Global => null is
76/2function Is_Sorted (Container : Vector) return Boolean;
77/5
procedure Sort (Container : in out Vector)
         with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                          or else raise Program_Error;
78/5
procedure Merge (Target  : in out Vector;
                       Source  : in out Vector)
         with Pre  => (not Tampering_With_Cursors_Prohibited (Target)
                          or else raise Program_Error) and then
                      (not Tampering_With_Cursors_Prohibited (Source)
                          or else raise Program_Error) and then
                      (Length (Target) <= Maximum_Length - Length (Source)
                          or else raise Constraint_Error) and then
                      ((Length (Source) = 0 or else
                          not Target'Has_Same_Storage (Source))
                          or else raise Program_Error),
              Post => (declare
                          Result_Length : constant Count_Type :=
                             Length (Source)'Old + Length (Target)'Old;
                       begin
                          (Length (Source) = 0 and then
                           Length (Target) = Result_Length and then
                           Capacity (Target) >= Result_Length));
79/2end Generic_Sorting;
79.1/5
package Stable is
79.2/5
type Vector (Base : not null access Vectors.Vector) is
         tagged limited private
         with Constant_Indexing => Constant_Reference,
              Variable_Indexing => Reference,
              Default_Iterator  => Iterate,
              Iterator_Element  => Element_Type,
              Stable_Properties => (Length, Capacity),
              Global            => null,
              Default_Initial_Condition => Length (Vector) = 0,
              Preelaborable_Initialization;

79.a/5

discussion

The Global of null assumes that the user of a stable object is including effects associated with the access discriminant. For operations with in parameters (after any overriding), the object designated by the access discriminant is assumed to be read, and for other operations (including initialization and finalization) the object designated by the access discriminant is assumed to be read and updated.

79.3/5

type Cursor is private
         with Preelaborable_Initialization;
79.4/5
Empty_Vector : constant Vector;
79.5/5
No_Element : constant Cursor;
79.6/5
function Has_Element (Position : Cursor) return Boolean
         with Nonblocking, Global => in all, Use_Formal => null;
79.7/5
package Vector_Iterator_Interfaces is new
         Ada.Iterator_Interfaces (Cursor, Has_Element);
79.8/5
procedure Assign (Target : in out Vectors.Vector;
                        Source : in Vector)
         with Post => Length (Source) = Length (Target) and then
                     Capacity (Target) >= Length (Target);
79.9/5
function Copy (Source : Vectors.Vector) return Vector
         with Post => Length (Copy'Result) = Length (Source);
79.10/5
type Constant_Reference_Type
            (Element : not null access constant Element_Type) is private
         with Implicit_Dereference => Element,
              Nonblocking, Global => null, Use_Formal => null,
              Default_Initial_Condition => (raise Program_Error);
79.11/5
type Reference_Type
            (Element : not null access Element_Type) is private
         with Implicit_Dereference => Element,
              Nonblocking, Global => null, Use_Formal => null,
              Default_Initial_Condition => (raise Program_Error);
79.12/5
-- Additional subprograms as described in the text
      -- are declared here.
79.13/5
private
79.14/5
... -- not specified by the language
79.15/5
end Stable;
80/2private
81/2... -- not specified by the language
82/2end Ada.Containers.Vectors;

83/2

The actual function for the generic formal function "=" on Element_Type values is expected to define a reflexive and symmetric relationship and return the same result value each time it is called with a particular pair of values. If it behaves in some other manner, the functions defined to use it return an unspecified value. The exact arguments and number of calls of this generic formal function by the functions defined to use it are unspecified.

83.a/2

ramification

The “functions defined to use it” are Find, Find_Index, Reverse_Find, Reverse_Find_Index, and "=" for Vectors. This list is a bit too long to give explicitly.

83.b/2

note

If the actual function for "=" is not symmetric and consistent, the result returned by any of the functions defined to use "=" cannot be predicted. The implementation is not required to protect against "=" raising an exception, or returning random results, or any other “bad” behavior. And it can call "=" in whatever manner makes sense. But note that only the results of the functions defined to use "=" are unspecified; other subprograms are not allowed to break if "=" is bad.

84/2

The type Vector is used to represent vectors. The type Vector needs finalization (see 7.6).

85/2

Empty_Vector represents the empty vector object. It has a length of 0. If an object of type Vector is not otherwise initialized, it is initialized to the same value as Empty_Vector.

86/2

No_Element represents a cursor that designates no element. If an object of type Cursor is not otherwise initialized, it is initialized to the same value as No_Element.

87/5

The primitive "=" operator for type Cursor returns True if both cursors are No_Element, or designate the same element in the same container.

87.a/5

note

To be honest: “The primitive "=" operator” is the one with two parameters of type Cursor which returns Boolean. We're not talking about some other (hidden) primitive function named "=".

88/2

Execution of the default implementation of the Input, Output, Read, or Write attribute of type Cursor raises Program_Error.

88.a/2

reason

A cursor will probably be implemented in terms of one or more access values, and the effects of streaming access values is unspecified. Rather than letting the user stream junk by accident, we mandate that streaming of cursors raise Program_Error by default. The attributes can always be specified if there is a need to support streaming.

88.1/5

Vector'Write for a Vector object V writes Length(V) elements of the vector to the stream. It may also write additional information about the vector.

88.2/3

Vector'Read reads the representation of a vector from the stream, and assigns to Item a vector with the same length and elements as was written by Vector'Write.

88.b/3

implementation note

The Reference Manual requires streaming of all language-defined nonlimited types (including containers) to "work" (see 13.13.2). In addition, we do not want all of the elements that make up the capacity of the vector streamed, as those beyond the length of the container have undefined contents (and might cause bad things when read back in). This will require a custom stream attribute implementation; the language-defined default implementation will not work (even for a bounded form, as that would most likely stream the entire capacity of the vector). There is a separate requirement that the unbounded and Bounded form use the same streaming representation for the same element type, see A.18.19.

89/2

No_Index represents a position that does not correspond to any element. The subtype Extended_Index includes the indices covered by Index_Type plus the value No_Index and, if it exists, the successor to the Index_Type'Last.

89.a/2

discussion

We require the existence of Index_Type'First – 1, so that No_Index and Last_Index of an empty vector is well-defined. We don't require the existence of Index_Type'Last + 1, as it is only used as the position of insertions (and needs to be allowed only when inserting an empty vector).

89.1/5

89.b/5

reason

90/5

[Some operations check for “tampering with cursors” of a container because they depend on the set of elements of the container remaining constant, and others check for “tampering with elements” of a container because they depend on elements of the container not being replaced.] When tampering with cursors is prohibited for a particular vector object V, Program_Error is propagated by the finalization of V[, as well as by a call that passes V to certain of the operations of this package, as indicated by the precondition of such an operation]. Similarly, when tampering with elements is prohibited for V, Program_Error is propagated by a call that passes V to certain of the other operations of this package, as indicated by the precondition of such an operation.

Paragraphs 91 through 97 are removed as preconditions now describe these rules.

91/5

92/5

92.a/5

note

To be honest:

93/5

93.1/5

93.a.1/3

ramification

We don't need to explicitly mention assignment_statement, because that finalizes the target object as part of the operation, and finalization of an object is already defined as tampering with cursors.

discussion

reason

proof

function Has_Element (Position : Cursor) return Boolean
   with Nonblocking, Global => in all, Use_Formal => null;

97.3/3

Returns True if Position designates an element, and returns False otherwise.

97.c/3

note

To be honest: This function might not detect cursors that designate deleted elements; such cursors are invalid (see below) and the result of calling Has_Element with an invalid cursor is unspecified (but not erroneous).

97.4/5

function Has_Element (Container : Vector; Position : Cursor)
   return Boolean
   with Nonblocking, Global => null, Use_Formal => null;

97.5/5

Returns True if Position designates an element in Container, and returns False otherwise.

97.d/5

ramification

If Position is No_Element, Has_Element returns False.

98/2

function "=" (Left, Right : Vector) return Boolean;

99/3

If Left and Right denote the same vector object, then the function returns True. If Left and Right have different lengths, then the function returns False. Otherwise, it compares each element in Left to the corresponding element in Right using the generic formal equality operator. If any such comparison returns False, the function returns False; otherwise, it returns True. Any exception raised during evaluation of element equality is propagated.

99.a/2

implementation note

This wording describes the canonical semantics. However, the order and number of calls on the formal equality function is unspecified for all of the operations that use it in this package, so an implementation can call it as many or as few times as it needs to get the correct answer. Specifically, there is no requirement to call the formal equality additional times once the answer has been determined.

99.1/5

function Tampering_With_Cursors_Prohibited
   (Container : Vector) return Boolean
   with Nonblocking, Global => null, Use_Formal => null;

99.2/5

Returns True if tampering with cursors or tampering with elements is currently prohibited for Container, and returns False otherwise.

99.b/5

reason

Prohibiting tampering with elements also needs to prohibit tampering with cursors, as deleting an element is similar to replacing it.

99.c/5

implementation note

Various contracts elsewhere in this specification require that this function be implemented with synchronized data. Moreover, it is possible for tampering to be prohibited by multiple operations (sequentially or in parallel). Therefore, tampering needs to be implemented with an atomic or protected counter. The counter is initialized to zero, and is incremented when tampering is prohibited, and decremented when leaving an area that prohibited tampering. Function Tampering_With_Cursors_Prohibited returns True if the counter is nonzero. (Note that any case where the result is not well-defined for one task is incorrect use of shared variables and would be erroneous by the rules of 9.10, so no special protection is needed to read the counter.)

99.3/5

function Tampering_With_Elements_Prohibited
   (Container : Vector) return Boolean
   with Nonblocking, Global => null, Use_Formal => null;

99.4/5

Always returns False[, regardless of whether tampering with elements is prohibited].

99.d/5

reason

A definite element cannot change size, so we allow operations that tamper with elements even when tampering with elements is prohibited. That's not true for the indefinite containers, which is why this kind of tampering exists.

99.5/5

function Maximum_Length return Count_Type
   with Nonblocking, Global => null, Use_Formal => null;

99.6/5

Returns the maximum Length of a Vector, based on the index type.

99.e/5

implementation note

This is just:

99.f

  Count_Type (Index_Type'Last - Index_Type'First + 1)

99.g/5

note

but since the inner calculation can overflow or the type conversion can fail, this can't be evaluated in general with an expression function. Note that if this expression raises Constraint_Error, then the result is Count_Type'Last, since the Capacity of a Vector cannot exceed Count_Type'Last.

99.7/5

function Empty (Capacity : Count_Type := implementation-defined)
   return Vector
   with Pre  => Capacity <= Maximum_Length
                   or else raise Constraint_Error,
        Post => 
           Capacity (Empty'Result) >= Capacity and then
           not Tampering_With_Elements_Prohibited (Empty'Result) and then
           not Tampering_With_Cursors_Prohibited (Empty'Result) and then
           Length (Empty'Result) = 0;

99.8/5

Returns an empty vector.

100/5

function To_Vector (Length : Count_Type) return Vector
   with Pre  => Length <= Maximum_Length or else raise Constraint_Error,
        Post =>
           To_Vector'Result.Length = Length and then
           not Tampering_With_Elements_Prohibited (To_Vector'Result)
             and then
           not Tampering_With_Cursors_Prohibited (To_Vector'Result)
             and then
           To_Vector'Result.Capacity >= Length;

101/2

Returns a vector with a length of Length, filled with empty elements.

102/5

function To_Vector
  (New_Item : Element_Type;
   Length   : Count_Type) return Vector
   with Pre  => Length <= Maximum_Length or else raise Constraint_Error,
        Post =>
           To_Vector'Result.Length = Length and then
           not Tampering_With_Elements_Prohibited (To_Vector'Result)
             and then
           not Tampering_With_Cursors_Prohibited (To_Vector'Result)
             and then
        To_Vector'Result.Capacity >= Length;

103/2

Returns a vector with a length of Length, filled with elements initialized to the value New_Item.

104/5

function "&" (Left, Right : Vector) return Vector
   with Pre  => Length (Left) <= Maximum_Length - Length (Right)
                 or else raise Constraint_Error,
        Post => Length (Vectors."&"'Result) =
                   Length (Left) + Length (Right) and then
                not Tampering_With_Elements_Prohibited (Vectors."&"'Result)
                   and then
                not Tampering_With_Cursors_Prohibited (Vectors."&"'Result)
                   and then
                Vectors."&"'Result.Capacity >=
                   Length (Left) + Length (Right);

105/2

Returns a vector comprising the elements of Left followed by the elements of Right.

106/5

function "&" (Left  : Vector;
              Right : Element_Type) return Vector
   with Pre  => Length (Left) <= Maximum_Length - 1
                   or else raise Constraint_Error,
        Post => Vectors."&"'Result.Length = Length (Left) + 1 and then
                not Tampering_With_Elements_Prohibited (Vectors."&"'Result)
                   and then
                not Tampering_With_Cursors_Prohibited (Vectors."&"'Result)
                   and then
                Vectors."&"'Result.Capacity >= Length (Left) + 1;

107/2

Returns a vector comprising the elements of Left followed by the element Right.

108/5

function "&" (Left  : Element_Type;
              Right : Vector) return Vector
   with Pre  => Length (Right) <= Maximum_Length - 1
                   or else raise Constraint_Error,
        Post => Length (Vectors."&"'Result) = Length (Right) + 1 and then
                not Tampering_With_Elements_Prohibited (Vectors."&"'Result)
                   and then
                not Tampering_With_Cursors_Prohibited (Vectors."&"'Result)
                   and then
                Vectors."&"'Result.Capacity >= Length (Right) + 1;

109/2

Returns a vector comprising the element Left followed by the elements of Right.

110/5

function "&" (Left, Right  : Element_Type) return Vector
   with Pre  => Maximum_Length >= 2 or else raise Constraint_Error,
        Post => Length ("&"'Result) = 2 and then
                not Tampering_With_Elements_Prohibited (Vectors."&"'Result)
                   and then
                not Tampering_With_Cursors_Prohibited (Vectors."&"'Result)
                   and then
                Vectors."&"'Result.Capacity >= 2;

111/2

Returns a vector comprising the element Left followed by the element Right.

112/5

function Capacity (Container : Vector) return Count_Type
   with Nonblocking, Global => null, Use_Formal => null;

113/2

Returns the capacity of Container.

114/5

procedure Reserve_Capacity (Container : in out Vector;
                            Capacity  : in     Count_Type)
   with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                 or else raise Program_Error,
        Post => Container.Capacity >= Capacity;

115/3

If the capacity of Container is already greater than or equal to Capacity, then Reserve_Capacity has no effect. Otherwise, Reserve_Capacity allocates additional storage as necessary to ensure that the length of the resulting vector can become at least the value Capacity without requiring an additional call to Reserve_Capacity, and is large enough to hold the current length of Container. Reserve_Capacity then, as necessary, moves elements into the new storage and deallocates any storage no longer needed. Any exception raised during allocation is propagated and Container is not modified.

115.a/2

discussion

Expanding the internal array can be done by allocating a new, longer array, copying the elements, and deallocating the original array. This may raise Storage_Error, or cause an exception from a controlled subprogram. We require that a failed Reserve_Capacity does not lose any elements if an exception occurs, but we do not require a specific order of evaluations or copying.

115.b/2

note

This routine is used to preallocate the internal array to the specified capacity such that future Inserts do not require memory allocation overhead. Therefore, the implementation should allocate the needed memory to make that true at this point, even though the visible semantics could be preserved by waiting until the memory is needed. This doesn't apply to the indefinite element container, because elements will have to be allocated individually.

115.c/2

note

The implementation does not have to contract the internal array if the capacity is reduced, as any capacity greater than or equal to the specified capacity is allowed.

116/5

function Length (Container : Vector) return Count_Type
   with Nonblocking, Global => null, Use_Formal => null;

117/2

Returns the number of elements in Container.

118/5

procedure Set_Length (Container : in out Vector;
                      Length    : in     Count_Type)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Length <= Maximum_Length or else raise Constraint_Error),
        Post => Container.Length = Length and then
                Capacity (Container) >= Length;

119/3

If Length is larger than the capacity of Container, Set_Length calls Reserve_Capacity (Container, Length), then sets the length of the Container to Length. If Length is greater than the original length of Container, empty elements are added to Container; otherwise, elements are removed from Container.

119.a/2

ramification

No elements are moved by this operation; any new empty elements are added at the end. This follows from the rules that a cursor continues to designate the same element unless the routine is defined to make the cursor ambiguous or invalid; this operation does not do that.

120/5

function Is_Empty (Container : Vector) return Boolean
   with Nonblocking, Global => null, Use_Formal => null,
        Post => Is_Empty'Result = (Length (Container) = 0);

121/5

Returns True if Container is empty .

122/5

procedure Clear (Container : in out Vector)
   with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                    or else raise Program_Error,
        Post => Length (Container) = 0;

123/2

Removes all the elements from Container. The capacity of Container does not change.

124/5

function To_Cursor (Container : Vector;
                    Index     : Extended_Index) return Cursor
   with Post => (if Index in
                    First_Index (Container) .. Last_Index (Container)
                 then Has_Element (Container, To_Cursor'Result)
                 else To_Cursor'Result = No_Element),
        Nonblocking, Global => null, Use_Formal => null;

125/5

Returns a cursor designating the element at position Index in Container; returns No_Element if Index does not designate an element . For the purposes of determining whether the parameters overlap in a call to To_Cursor, the Container parameter is not considered to overlap with any object [(including itself)].

125.a/5

reason

Without the preceding rule, concurrent calls to To_Cursor on the same container would interfere by the concurrent call rules in Annex A, since the container object of the concurrent calls would overlap with itself. We want these to not interfere, for example to allow the Vector elements to be split into separate “chunks” for parallel processing.

126/5

function To_Index (Position  : Cursor) return Extended_Index
   with Nonblocking, Global => in all, Use_Formal => null;

127/2

If Position is No_Element, No_Index is returned. Otherwise, the index (within its containing vector) of the element designated by Position is returned.

127.a/2

ramification

This implies that the index is determinable from a bare cursor alone. The basic model is that a vector cursor is implemented as a record containing an access to the vector container and an index value. This does constrain implementations, but it also allows all of the cursor operations to be defined in terms of the corresponding index operation (which should be primary for a vector).

127.1/5

function To_Index (Container : Vector;
                   Position  : Cursor) return Extended_Index
   with Pre  => Position = No_Element or else
                Has_Element (Container, Position)  or else
                   raise Program_Error,
        Post => (if Position = No_Element then To_Index'Result = No_Index
                 else To_Index'Result in First_Index (Container) ..
                        Last_Index (Container)),
        Nonblocking, Global => null, Use_Formal => null;

127.2/5

Returns the index (within Container) of the element designated by Position; returns No_Index if Position does not designate an element. For the purposes of determining whether the parameters overlap in a call to To_Index, the Container parameter is not considered to overlap with any object [(including itself)].

128/5

function Element (Container : Vector;
                  Index     : Index_Type)
   return Element_Type
   with Pre  => Index in First_Index (Container) .. Last_Index (Container)
                   or else raise Constraint_Error,
        Nonblocking, Global => null, Use_Formal => Element_Type;

129/5

Element returns the element at position Index.

130/5

function Element (Position  : Cursor) return Element_Type
   with Pre  => Position /= No_Element or else raise Constraint_Error,
        Nonblocking, Global => in all, Use_Formal => Element_Type;

131/5

Element returns the element designated by Position.

131.1/5

function Element (Container : Vector;
                  Position  : Cursor) return Element_Type
   with Pre => (Position /= No_Element
                   or else raise Constraint_Error) and then
                (Has_Element (Container, Position)
                   or else raise Program_Error),
        Nonblocking, Global => null, Use_Formal => Element_Type;

131.2/5

Element returns the element designated by Position in Container.

132/5

procedure Replace_Element (Container : in out Vector;
                           Index     : in     Index_Type;
                           New_Item  : in     Element_Type)
   with Pre => (not Tampering_With_Elements_Prohibited (Container)
                   or else raise Program_Error) and then
                (Index in First_Index (Container) .. Last_Index (Container)
                   or else raise Constraint_Error);

133/5

Replace_Element assigns the value New_Item to the element at position Index. Any exception raised during the assignment is propagated. The element at position Index is not an empty element after successful call to Replace_Element. For the purposes of determining whether the parameters overlap in a call to Replace_Element, the Container parameter is not considered to overlap with any object [(including itself)], and the Index parameter is considered to overlap with the element at position Index.

134/5

procedure Replace_Element (Container : in out Vector;
                           Position  : in     Cursor;
                           New_Item  : in     Element_Type)
   with Pre  => (not Tampering_With_Elements_Prohibited (Container)
                   or else raise Program_Error) and then
                (Position /= No_Element
                   or else raise Constraint_Error) and then
                (Has_Element (Container, Position)
                   or else raise Program_Error);

135/5

Replace_Element assigns New_Item to the element designated by Position. Any exception raised during the assignment is propagated. The element at Position is not an empty element after successful call to Replace_Element. For the purposes of determining whether the parameters overlap in a call to Replace_Element, the Container parameter is not considered to overlap with any object [(including itself)].

135.a/3

ramification

Replace_Element, Update_Element, and Reference are the only ways that an element can change from empty to nonempty. Also see the note following Update_Element.

136/5

procedure Query_Element
  (Container : in Vector;
   Index     : in Index_Type;
   Process   : not null access procedure (Element : in Element_Type))
   with Pre  => Index in First_Index (Container) .. Last_Index (Container)
                   or else raise Constraint_Error;

137/5

Query_Element calls Process.all with the element at position Index as the argument. Tampering with the elements of Container is prohibited during the execution of the call on Process.all. Any exception raised by Process.all is propagated.

137.a/2

reason

The “tamper with the elements” check is intended to prevent the Element parameter of Process from being replaced or deleted outside of Process. The check prevents data loss (if Element_Type is passed by copy) or erroneous execution (if Element_Type is an unconstrained type in an indefinite container).

138/5

procedure Query_Element
  (Position : in Cursor;
   Process  : not null access procedure (Element : in Element_Type))
   with Pre  => Position /= No_Element or else raise Constraint_Error
        Global => in all;

139/5

Query_Element calls Process.all with the element designated by Position as the argument. Tampering with the elements of the vector that contains the element designated by Position is prohibited during the execution of the call on Process.all. Any exception raised by Process.all is propagated.

139.1/5

procedure Query_Element
  (Container : in Vector;
   Position  : in Cursor;
   Process   : not null access procedure (Element : in Element_Type))
   with Pre  => (Position /= No_Element
                   or else raise Constraint_Error) and then
                (Has_Element (Container, Position)
                   or else raise Program_Error);

139.2/5

Query_Element calls Process.all with the element designated by Position as the argument. Tampering with the elements of Container is prohibited during the execution of the call on Process.all. Any exception raised by Process.all is propagated.

140/5

procedure Update_Element
  (Container : in out Vector;
   Index     : in     Index_Type;
   Process   : not null access procedure
                   (Element : in out Element_Type))
   with Pre  => Index in First_Index (Container) .. Last_Index (Container)
                    or else raise Constraint_Error;

141/5

Update_Element calls Process.all with the element at position Index as the argument. Tampering with the elements of Container is prohibited during the execution of the call on Process.all. Any exception raised by Process.all is propagated.

142/2

If Element_Type is unconstrained and definite, then the actual Element parameter of Process.all shall be unconstrained.

142.a/2

ramification

This means that the elements cannot be directly allocated from the heap; it must be possible to change the discriminants of the element in place.

143/2

The element at position Index is not an empty element after successful completion of this operation.

143.a/2

ramification

Since reading an empty element is a bounded error, attempting to use this procedure to replace empty elements may fail. Use Replace_Element to do that reliably.

144/5

procedure Update_Element
  (Container : in out Vector;
   Position  : in     Cursor;
   Process   : not null access procedure
                   (Element : in out Element_Type))
   with Pre  => (Position /= No_Element
                    or else raise Constraint_Error) and then
                 (Has_Element (Container, Position)
                    or else raise Program_Error);

145/5

Update_Element calls Process.all with the element designated by Position as the argument. Tampering with the elements of Container is prohibited during the execution of the call on Process.all. Any exception raised by Process.all is propagated.

146/2

If Element_Type is unconstrained and definite, then the actual Element parameter of Process.all shall be unconstrained.

147/2

The element designated by Position is not an empty element after successful completion of this operation.

147.1/5

type Constant_Reference_Type
      (Element : not null access constant Element_Type) is private
   with Implicit_Dereference => Element,
        Nonblocking, Global => in out synchronized,
        Default_Initial_Condition => (raise Program_Error);
147.2/5
type Reference_Type (Element : not null access Element_Type) is private
   with Implicit_Dereference => Element,
        Nonblocking, Global => in out synchronized,
        Default_Initial_Condition => (raise Program_Error);

147.3/3

The types Constant_Reference_Type and Reference_Type need finalization.

147.4/5

This paragraph was deleted.

147.a/3

reason

It is expected that Reference_Type (and Constant_Reference_Type) will be a controlled type, for which finalization will have some action to terminate the tampering check for the associated container. If the object is created by default, however, there is no associated container. Since this is useless, and supporting this case would take extra work, we define it to raise an exception.

147.5/5

function Constant_Reference (Container : aliased in Vector;
                             Index     : in Index_Type)
   return Constant_Reference_Type
   with Pre    => Index in First_Index (Container) .. Last_Index (Container)
                    or else raise Constraint_Error,
        Post   => Tampering_With_Cursors_Prohibited (Container),
        Nonblocking, Global => null, Use_Formal => null;

147.6/3

This function (combined with the Constant_Indexing and Implicit_Dereference aspects) provides a convenient way to gain read access to an individual element of a vector given an index value.

147.7/5

Constant_Reference returns an object whose discriminant is an access value that designates the element at position Index. Tampering with the elements of Container is prohibited while the object returned by Constant_Reference exists and has not been finalized.

147.8/5

function Reference (Container : aliased in out Vector;
                    Index     : in Index_Type)
   return Reference_Type
   with Pre    => Index in First_Index (Container) .. Last_Index (Container)
                    or else raise Constraint_Error,
        Post   => Tampering_With_Cursors_Prohibited (Container),
        Nonblocking, Global => null, Use_Formal => null;

147.9/3

This function (combined with the Variable_Indexing and Implicit_Dereference aspects) provides a convenient way to gain read and write access to an individual element of a vector given an index value.

147.10/5

Reference returns an object whose discriminant is an access value that designates the element at position Index. Tampering with the elements of Container is prohibited while the object returned by Reference exists and has not been finalized.

147.11/3

The element at position Index is not an empty element after successful completion of this operation.

147.12/5

function Constant_Reference (Container : aliased in Vector;
                             Position  : in Cursor)
   return Constant_Reference_Type
   with Pre  => (Position /= No_Element
                    or else raise Constraint_Error) and then
                 (Has_Element (Container, Position)
                    or else raise Program_Error),
        Post   => Tampering_With_Cursors_Prohibited (Container),
        Nonblocking, Global => null, Use_Formal => null;

147.13/3

This function (combined with the Constant_Indexing and Implicit_Dereference aspects) provides a convenient way to gain read access to an individual element of a vector given a cursor.

147.14/5

Constant_Reference returns an object whose discriminant is an access value that designates the element designated by Position. Tampering with the elements of Container is prohibited while the object returned by Constant_Reference exists and has not been finalized.

147.15/5

function Reference (Container : aliased in out Vector;
                    Position  : in Cursor)
   return Reference_Type
   with Pre  => (Position /= No_Element
                    or else raise Constraint_Error) and then
                 (Has_Element (Container, Position)
                    or else raise Program_Error),
        Post   => Tampering_With_Cursors_Prohibited (Container),
        Nonblocking, Global => null, Use_Formal => null;

147.16/3

This function (combined with the Variable_Indexing and Implicit_Dereference aspects) provides a convenient way to gain read and write access to an individual element of a vector given a cursor.

147.17/5

Reference returns an object whose discriminant is an access value that designates the element designated by Position. Tampering with the elements of Container is prohibited while the object returned by Reference exists and has not been finalized.

147.18/3

The element designated by Position is not an empty element after successful completion of this operation.

147.19/3

procedure Assign (Target : in out Vector; Source : in Vector)
   with Pre  => not Tampering_With_Cursors_Prohibited (Target)
                   or else raise Program_Error,
        Post => Length (Source) = Length (Target) and then
                Capacity (Target) >= Length (Target);

147.20/3

If Target denotes the same object as Source, the operation has no effect. If the length of Source is greater than the capacity of Target, Reserve_Capacity (Target, Length (Source)) is called. The elements of Source are then copied to Target as for an assignment_statement assigning Source to Target (this includes setting the length of Target to be that of Source).

147.b/3

discussion

This routine exists for compatibility with the bounded vector container. For an unbounded vector, Assign(A, B) and A := B behave identically. For a bounded vector, := will raise an exception if the container capacities are different, while Assign will not raise an exception if there is enough room in the target.

147.21/5

function Copy (Source : Vector; Capacity : Count_Type := 0)
   return Vector
   with Pre => Capacity = 0 or else Capacity >= Length (Source)
                   or else raise Capacity_Error,
        Post => Length (Copy'Result) = Length (Source) and then
                not Tampering_With_Elements_Prohibited (Copy'Result)
                   and then
                not Tampering_With_Cursors_Prohibited (Copy'Result)
                   and then
                Copy'Result.Capacity >= (if Capacity = 0 then
                   Length (Source) else Capacity);

147.22/5

Returns a vector whose elements are initialized from the corresponding elements of Source.

148/5

procedure Move (Target : in out Vector;
                Source : in out Vector)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Target)
                   or else raise Program_Error) and then
                (not Tampering_With_Cursors_Prohibited (Source)
                   or else raise Program_Error),
        Post => (if not Target'Has_Same_Storage (Source) then
                    Length (Target) = Length (Source)'Old and then
                    Length (Source) = 0 and then
                    Capacity (Target) >= Length (Source)'Old);

149/5

If Target denotes the same object as Source, then the operation has no effect. Otherwise, Move first calls Reserve_Capacity (Target, Length (Source)) and then Clear (Target); then, each element from Source is removed from Source and inserted into Target in the original order.

149.a/2

implementation advice

The idea is that the internal array is removed from Source and moved to Target. (See the for Move). If Capacity (Target) /= 0, the previous internal array may need to be deallocated. We don't mention this explicitly, because it is covered by the "no memory loss" Implementation Requirement.

150/5

procedure Insert_Vector  (Container : in out Vector;
                         Before    : in     Extended_Index;
                         New_Item  : in     Vector)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before in
                   First_Index (Container) .. Last_Index (Container) + 1
                   or else raise Constraint_Error) and then
                (Length (Container) <= Maximum_Length - Length (New_Item)
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Length (New_Item) =
                   Length (Container) and then
                Capacity (Container) >= Length (Container);

151/5

If Length(New_Item) is 0, then Insert_Vector does nothing. Otherwise, it computes the new length NL as the sum of the current length and Length (New_Item); if the value of Last appropriate for length NL would be greater than Index_Type'Last, then Constraint_Error is propagated.

152/5

If the current vector capacity is less than NL, Reserve_Capacity (Container, NL) is called to increase the vector capacity. Then Insert_Vector slides the elements in the range Before .. Last_Index (Container) up by Length(New_Item) positions, and then copies the elements of New_Item to the positions starting at Before. Any exception raised during the copying is propagated.

152.a/2

ramification

Moving the elements does not necessarily involve copying. Similarly, since Reserve_Capacity does not require the copying of elements, it does not need to be explicitly called (the implementation can combine the operations if it wishes to).

153/5

procedure Insert_Vector  (Container : in out Vector;
                         Before    : in     Cursor;
                         New_Item  : in     Vector)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before = No_Element or else
                 Has_Element (Container, Before)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Length (New_Item)
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Length (New_Item) =
                   Length (Container) and then
                Capacity (Container) >= Length (Container);

154/5

If Length(New_Item) is 0, then Insert_Vector does nothing. If Before is No_Element, then the call is equivalent to Insert_Vector (Container, Last_Index (Container) + 1, New_Item); otherwise, the call is equivalent to Insert_Vector (Container, To_Index (Before), New_Item);

154.a/2

ramification

The check on Before checks that the cursor does not belong to some other Container. This check implies that a reference to the container is included in the cursor value. This wording is not meant to require detection of dangling cursors; such cursors are defined to be invalid, which means that execution is erroneous, and any result is allowed (including not raising an exception).

155/5

procedure Insert_Vector  (Container : in out Vector;
                         Before    : in     Cursor;
                         New_Item  : in     Vector;
                         Position  :    out Cursor)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before = No_Element or else
                 Has_Element (Container, Before)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Length (New_Item)
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Length (New_Item) =
                   Length (Container) and then
                Has_Element (Container, Position) and then
                Capacity (Container) >= Length (Container);

156/5

If Before equals No_Element, then let T be Last_Index (Container) + 1; otherwise, let T be To_Index (Before). Insert_Vector (Container, T, New_Item) is called, and then Position is set to To_Cursor (Container, T).

156.a/5

discussion

The messy wording is needed because Before is invalidated by Insert_Vector , and we don't want Position to be invalid after this call. An implementation probably only needs to copy Before to Position.

157/5

procedure Insert (Container : in out Vector;
                  Before    : in     Extended_Index;
                  New_Item  : in     Element_Type;
                  Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before in
                   First_Index (Container) .. Last_Index (Container) + 1
                   or else raise Constraint_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Capacity (Container) >= Length (Container);

158/2

Equivalent to Insert (Container, Before, To_Vector (New_Item, Count));

159/5

procedure Insert (Container : in out Vector;
                  Before    : in     Cursor;
                  New_Item  : in     Element_Type;
                  Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before = No_Element or else
                 Has_Element (Container, Before)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Capacity (Container) >= Length (Container);

160/2

Equivalent to Insert (Container, Before, To_Vector (New_Item, Count));

161/5

procedure Insert (Container : in out Vector;
                  Before    : in     Cursor;
                  New_Item  : in     Element_Type;
                  Position  :    out Cursor;
                  Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before = No_Element or else
                 Has_Element (Container, Before)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Has_Element (Container, Position) and then
                Capacity (Container) >= Length (Container);

162/2

Equivalent to Insert (Container, Before, To_Vector (New_Item, Count), Position);

162.a/3

ramification

If Count equals 0, Position will designate the element designated by Before, rather than a newly inserted element. Otherwise, Position will designate the first newly inserted element.

163/5

procedure Insert (Container : in out Vector;
                  Before    : in     Extended_Index;
                  Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before in
                   First_Index (Container) .. Last_Index (Container) + 1
                   or else raise Constraint_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Capacity (Container) >= Length (Container);

164/5

If Count is 0, then Insert does nothing. Otherwise, it computes the new length NL as the sum of the current length and Count; if the value of Last appropriate for length NL would be greater than Index_Type'Last, then Constraint_Error is propagated.

165/2

If the current vector capacity is less than NL, Reserve_Capacity (Container, NL) is called to increase the vector capacity. Then Insert slides the elements in the range Before .. Last_Index (Container) up by Count positions, and then inserts elements that are initialized by default (see 3.3.1) in the positions starting at Before.

166/5

procedure Insert (Container : in out Vector;
                  Before    : in     Cursor;
                  Position  :    out Cursor;
                  Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before = No_Element or else
                 Has_Element (Container, Before)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Has_Element (Container, Position) and then
                Capacity (Container) >= Length (Container);

167/5

If Before equals No_Element, then let T be Last_Index (Container) + 1; otherwise, let T be To_Index (Before). Insert (Container, T, Count) is called, and then Position is set to To_Cursor (Container, T).

167.a/2

reason

This routine exists mainly to ease conversion between Vector and List containers. Unlike Insert_Space, this routine default initializes the elements it inserts, which can be more expensive for some element types.

168/5

procedure Prepend_Vector  (Container : in out Vector;
                          New_Item  : in     Vector)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Length (New_Item)
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Length (New_Item) =
                   Length (Container) and then
                Capacity (Container) >= Length (Container);

169/2

Equivalent to Insert (Container, First_Index (Container), New_Item).

170/5

procedure Prepend (Container : in out Vector;
                   New_Item  : in     Element_Type;
                   Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Capacity (Container) >= Length (Container);

171/2

Equivalent to Insert (Container, First_Index (Container), New_Item, Count).

172/5

procedure Append_Vector  (Container : in out Vector;
                         New_Item  : in     Vector)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Length (New_Item)
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Length (New_Item) =
                   Length (Container) and then
                Capacity (Container) >= Length (Container);

173/2

Equivalent to Insert (Container, Last_Index (Container) + 1, New_Item).

174/5

procedure Append (Container : in out Vector;
                  New_Item  : in     Element_Type;
                  Count     : in     Count_Type )
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Capacity (Container) >= Length (Container);

175/2

Equivalent to Insert (Container, Last_Index (Container) + 1, New_Item, Count).

175.1/5

procedure Append (Container : in out Vector;
                  New_Item  : in     Element_Type)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - 1
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + 1 = Length (Container) and then
                Capacity (Container) >= Length (Container);

175.2/5

Equivalent to Insert (Container, Last_Index (Container) + 1, New_Item, 1).

176/5

procedure Insert_Space (Container : in out Vector;
                        Before    : in     Extended_Index;
                        Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before in
                   First_Index (Container) .. Last_Index (Container) + 1
                   or else raise Constraint_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Capacity (Container) >= Length (Container);

177/5

If Count is 0, then Insert_Space does nothing. Otherwise, it computes the new length NL as the sum of the current length and Count; if the value of Last appropriate for length NL would be greater than Index_Type'Last, then Constraint_Error is propagated.

178/2

If the current vector capacity is less than NL, Reserve_Capacity (Container, NL) is called to increase the vector capacity. Then Insert_Space slides the elements in the range Before .. Last_Index (Container) up by Count positions, and then inserts empty elements in the positions starting at Before.

179/5

procedure Insert_Space (Container : in out Vector;
                        Before    : in     Cursor;
                        Position  :    out Cursor;
                        Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Before = No_Element or else
                   Has_Element (Container, Before)
                   or else raise Program_Error) and then
                (Length (Container) <= Maximum_Length - Count
                   or else raise Constraint_Error),
        Post => Length (Container)'Old + Count = Length (Container) and then
                Has_Element (Container, Position) and then
                Capacity (Container) >= Length (Container);

180/5

If Before equals No_Element, then let T be Last_Index (Container) + 1; otherwise, let T be To_Index (Before). Insert_Space (Container, T, Count) is called, and then Position is set to To_Cursor (Container, T).

181/5

procedure Delete (Container : in out Vector;
                  Index     : in     Extended_Index;
                  Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Index in
                   First_Index (Container) .. Last_Index (Container) + 1
                   or else raise Constraint_Error),
        Post => Length (Container)'Old - Count <= Length (Container);

182/5

If Count is 0, Delete has no effect. Otherwise, Delete slides the elements (if any) starting at position Index + Count down to Index. Any exception raised during element assignment is propagated.

182.a/2

ramification

If Index + Count >= Last_Index(Container), this effectively truncates the vector (setting Last_Index to Index – 1 and consequently sets Length to Index – Index_Type'First).

183/5

procedure Delete (Container : in out Vector;
                  Position  : in out Cursor;
                  Count     : in     Count_Type := 1)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error) and then
                (Position /= No_Element
                   or else raise Constraint_Error) and then
                (Has_Element (Container, Position)
                   or else raise Program_Error),
        Post => Length (Container)'Old - Count <= Length (Container)
                and then Position = No_Element;

184/5

Delete (Container, To_Index (Position), Count) is called, and then Position is set to No_Element.

185/5

procedure Delete_First (Container : in out Vector;
                        Count     : in     Count_Type := 1)
   with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error,
        Post => Length (Container)'Old - Count <= Length (Container);

186/2

Equivalent to Delete (Container, First_Index (Container), Count).

187/5

procedure Delete_Last (Container : in out Vector;
                       Count     : in     Count_Type := 1)
   with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                   or else raise Program_Error,
        Post => Length (Container)'Old - Count <= Length (Container);

188/3

If Length (Container) <= Count, then Delete_Last is equivalent to Clear (Container). Otherwise, it is equivalent to Delete (Container, Index_Type'Val(Index_Type'Pos(Last_Index (Container)) – Count + 1), Count).

189/5

procedure Reverse_Elements (Container : in out Vector)
   with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                    or else raise Program_Error;

190/2

Reorders the elements of Container in reverse order.

190.a/2

discussion

This can copy the elements of the vector — all cursors referencing the vector are ambiguous afterwards and may designate different elements afterwards.

191/5

procedure Swap (Container : in out Vector;
                I, J      : in     Index_Type)
   with Pre => (not Tampering_With_Elements_Prohibited (Container)
                  or else raise Program_Error) and then
               (I in First_Index (Container) .. Last_Index (Container)
                  or else raise Constraint_Error) and then
               (J in First_Index (Container) .. Last_Index (Container)
                  or else raise Constraint_Error);

192/5

Swap exchanges the values of the elements at positions I and J.

192.a/2

note

To be honest: The implementation is not required to actually copy the elements if it can do the swap some other way. But it is allowed to copy the elements if needed.

193/5

procedure Swap (Container : in out Vector;
                I, J      : in     Cursor)
   with Pre  => (not Tampering_With_Elements_Prohibited (Container)
                   or else raise Program_Error) and then
                (I /= No_Element or else Constraint_Error) and then
                (J /= No_Element or else Constraint_Error) and then
                (Has_Element (Container, I)
                   or else raise Program_Error) and then
                (Has_Element (Container, J)
                   or else raise Program_Error);

194/5

Swap exchanges the values of the elements designated by I and J.

194.a/2

ramification

After a call to Swap, I designates the element value previously designated by J, and J designates the element value previously designated by I. The cursors do not become ambiguous from this operation.

194.b/2

note

To be honest: The implementation is not required to actually copy the elements if it can do the swap some other way. But it is allowed to copy the elements if needed.

195/5

function First_Index (Container : Vector) return Index_Type
   with Nonblocking, Global => null, Use_Formal => null,
        Post => First_Index'Result = Index_Type'First;

196/2

Returns the value Index_Type'First.

196.a/2

discussion

We'd rather call this “First”, but then calling most routines in here with First (Some_Vect) would be ambiguous.

197/5

function First (Container : Vector) return Cursor
   with Nonblocking, Global => null, Use_Formal => null,
        Post => (if not Is_Empty (Container)
                 then Has_Element (Container, First'Result)
                 else First'Result = No_Element);

198/2

If Container is empty, First returns No_Element. Otherwise, it returns a cursor that designates the first element in Container.

199/5

function First_Element (Container : Vector)
   return Element_Type
   with Pre => (not Is_Empty (Container) 
                   or else raise Constraint_Error);

200/2

Equivalent to Element (Container, First_Index (Container)).

201/5

function Last_Index (Container : Vector) return Extended_Index
   with Nonblocking, Global => null, Use_Formal => null,
        Post => (if Length (Container) = 0 then Last_Index'Result = No_Index
                 else Count_Type(Last_Index'Result - Index_Type'First) =
                      Length (Container) - 1);

202/2

If Container is empty, Last_Index returns No_Index. Otherwise, it returns the position of the last element in Container.

203/5

function Last (Container : Vector) return Cursor
   with Nonblocking, Global => null, Use_Formal => null,
        Post => (if not Is_Empty (Container)
                 then Has_Element (Container, Last'Result)
                 else Last'Result = No_Element);

204/2

If Container is empty, Last returns No_Element. Otherwise, it returns a cursor that designates the last element in Container.

205/5

function Last_Element (Container : Vector)
   return Element_Type
   with Pre => (not Is_Empty (Container) 
                   or else raise Constraint_Error);

206/2

Equivalent to Element (Container, Last_Index (Container)).

207/5

function Next (Position : Cursor) return Cursor
   with Nonblocking, Global => in all, Use_Formal => null,
        Post => (if Position = No_Element then Next'Result = No_Element);

208/2

If Position equals No_Element or designates the last element of the container, then Next returns the value No_Element. Otherwise, it returns a cursor that designates the element with index To_Index (Position) + 1 in the same vector as Position.

208.1/5

function Next (Container : Vector;
               Position : Cursor) return Cursor
   with Nonblocking, Global => null, Use_Formal => null,
        Pre  => Position = No_Element or else
                Has_Element (Container, Position)
                   or else raise Program_Error,
        Post => (if Position = No_Element then Next'Result = No_Element
                 elsif Has_Element (Container, Next'Result) then
                    To_Index (Container, Next'Result) =
                    To_Index (Container, Position) + 1
                 elsif Next'Result = No_Element then
                    Position = Last (Container)
                 else False);

208.2/5

Returns a cursor designating the next element in Container, if any.

209/5

procedure Next (Position : in out Cursor)
   with Nonblocking, Global => in all, Use_Formal => null;

210/2

Equivalent to Position := Next (Position).

210.1/5

procedure Next (Container : in     Vector;
                Position  : in out Cursor)
   with Nonblocking, Global => null, Use_Formal => null,
        Pre  => Position = No_Element or else
                Has_Element (Container, Position)
                   or else raise Program_Error,
        Post => (if Position /= No_Element
                 then Has_Element (Container, Position));

210.2/5

Equivalent to Position := Next (Container, Position).

211/5

function Previous (Position : Cursor) return Cursor
   with Nonblocking, Global => in all, Use_Formal => null,
        Post => (if Position = No_Element 
                 then Previous'Result = No_Element);

212/2

If Position equals No_Element or designates the first element of the container, then Previous returns the value No_Element. Otherwise, it returns a cursor that designates the element with index To_Index (Position) – 1 in the same vector as Position.

212.1/5

function Previous (Container : Vector;
                   Position  : Cursor) return Cursor
   with Nonblocking, Global => null, Use_Formal => null,
        Pre  => Position = No_Element or else
                Has_Element (Container, Position)
                   or else raise Program_Error,
        Post => (if Position = No_Element then Previous'Result = No_Element
                 elsif Has_Element (Container, Previous'Result) then
                   To_Index (Container, Previous'Result) =
                   To_Index (Container, Position) - 1
                 elsif Previous'Result = No_Element then
                   Position = First (Container)
                 else False);

212.2/5

Returns a cursor designating the previous element in Container, if any.

213/5

procedure Previous (Position : in out Cursor)
   with Nonblocking, Global => in all, Use_Formal => null;

214/2

Equivalent to Position := Previous (Position).

214.1/5

procedure Previous (Container : in     Vector;
                    Position  : in out Cursor)
   with Nonblocking, Global => null, Use_Formal => null,
        Pre  => Position = No_Element or else
                Has_Element (Container, Position)
                   or else raise Program_Error,
        Post => (if Position /= No_Element
                 then Has_Element (Container, Position));

214.2/5

Equivalent to Position := Previous (Container, Position).

215/2

function Find_Index (Container : Vector;
                     Item      : Element_Type;
                     Index     : Index_Type := Index_Type'First)
   return Extended_Index;

216/2

Searches the elements of Container for an element equal to Item (using the generic formal equality operator). The search starts at position Index and proceeds towards Last_Index (Container). If no equal element is found, then Find_Index returns No_Index. Otherwise, it returns the index of the first equal element encountered.

217/5

function Find (Container : Vector;
               Item      : Element_Type;
               Position  : Cursor := No_Element)
   return Cursor
   with Pre  => Position = No_Element or else
                Has_Element (Container, Position)
                   or else raise Program_Error,
        Post => (if Find'Result /= No_Element
                 then Has_Element (Container, Find'Result));

218/5

Find searches the elements of Container for an element equal to Item (using the generic formal equality operator). The search starts at the first element if Position equals No_Element, and at the element designated by Position otherwise. It proceeds towards the last element of Container. If no equal element is found, then Find returns No_Element. Otherwise, it returns a cursor designating the first equal element encountered.

219/2

function Reverse_Find_Index (Container : Vector;
                             Item      : Element_Type;
                             Index     : Index_Type := Index_Type'Last)
   return Extended_Index;

220/2

Searches the elements of Container for an element equal to Item (using the generic formal equality operator). The search starts at position Index or, if Index is greater than Last_Index (Container), at position Last_Index (Container). It proceeds towards First_Index (Container). If no equal element is found, then Reverse_Find_Index returns No_Index. Otherwise, it returns the index of the first equal element encountered.

221/5

function Reverse_Find (Container : Vector;
                       Item      : Element_Type;
                       Position  : Cursor := No_Element)
   return Cursor
   with Pre  => Position = No_Element or else
                Has_Element (Container, Position)
                   or else raise Program_Error,
        Post => (if Reverse_Find'Result /= No_Element
                 then Has_Element (Container, Reverse_Find'Result));

222/5

Reverse_Find searches the elements of Container for an element equal to Item (using the generic formal equality operator). The search starts at the last element if Position equals No_Element, and at the element designated by Position otherwise. It proceeds towards the first element of Container. If no equal element is found, then Reverse_Find returns No_Element. Otherwise, it returns a cursor designating the first equal element encountered.

223/2

function Contains (Container : Vector;
                   Item      : Element_Type) return Boolean;

224/2

Equivalent to Has_Element (Find (Container, Item)).

Paragraphs 225 and 226 were moved above.

227/5

procedure Iterate
  (Container : in Vector;
   Process   : not null access procedure (Position : in Cursor))
   with Allows_Exit;

228/3

Invokes Process.all with a cursor that designates each element in Container, in index order. Tampering with the cursors of Container is prohibited during the execution of a call on Process.all. Any exception raised by Process.all is propagated.

228.a/2

discussion

The purpose of the “tamper with the cursors” check is to prevent erroneous execution from the Position parameter of Process.all becoming invalid. This check takes place when the operations that tamper with the cursors of the container are called. The check cannot be made later (say in the body of Iterate), because that could cause the Position cursor to be invalid and potentially cause execution to become erroneous -- defeating the purpose of the check.

228.b/2

note

There is no check needed if an attempt is made to insert or delete nothing (that is, Count = 0 or Length(Item) = 0).

228.c/2

note

The check is easy to implement: each container needs a counter. The counter is incremented when Iterate is called, and decremented when Iterate completes. If the counter is nonzero when an operation that inserts or deletes is called, Finalize is called, or one of the other operations in the list occurs, Program_Error is raised.

229/5

procedure Reverse_Iterate
  (Container : in Vector;
   Process   : not null access procedure (Position : in Cursor))
   with Allows_Exit;

230/3

Iterates over the elements in Container as per procedure Iterate, except that elements are traversed in reverse index order.

230.1/5

function Iterate (Container : in Vector)
   return Vector_Iterator_Interfaces.Parallel_Reversible_Iterator 'Class
   with Post   => Tampering_With_Cursors_Prohibited (Container);

230.2/5

Iterate returns an iterator object (see 5.5.1) that will generate a value for a loop parameter (see 5.5.2) designating each node in Container, starting with the first node and moving the cursor as per the Next function when used as a forward iterator, and starting with the last node and moving the cursor as per the Previous function when used as a reverse iterator, and processing all nodes concurrently when used as a parallel iterator. Tampering with the cursors of Container is prohibited while the iterator object exists (in particular, in the sequence_of_statements of the loop_statement whose iterator_specification denotes this object). The iterator object needs finalization.

230.3/5

function Iterate (Container : in Vector; Start : in Cursor)
   return Vector_Iterator_Interfaces.Reversible_Iterator'Class
   with Pre    => (Start /= No_Element
                        or else raise Constraint_Error) and then
                     (Has_Element (Container, Start)
                        or else raise Program_Error),
        Post   => Tampering_With_Cursors_Prohibited (Container);

230.4/5

Iterate returns a reversible iterator object (see 5.5.1) that will generate a value for a loop parameter (see 5.5.2) designating each node in Container, starting with the node designated by Start and moving the cursor as per the Next function when used as a forward iterator, or moving the cursor as per the Previous function when used as a reverse iterator. Tampering with the cursors of Container is prohibited while the iterator object exists (in particular, in the sequence_of_statements of the loop_statement whose iterator_specification denotes this object). The iterator object needs finalization.

230.a/3

discussion

Exits are allowed from the loops created using the iterator objects. In particular, to stop the iteration at a particular cursor, just add

230.b/3

exit when Cur = Stop;

230.c/3

note

in the body of the loop (assuming that Cur is the loop parameter and Stop is the cursor that you want to stop at).

231/3

The actual function for the generic formal function "<" of Generic_Sorting is expected to return the same value each time it is called with a particular pair of element values. It should define a strict weak ordering relationship (see A.18); it should not modify Container. If the actual for "<" behaves in some other manner, the behavior of the subprograms of Generic_Sorting are unspecified. The number of times the subprograms of Generic_Sorting call "<" is unspecified.

232/2

function Is_Sorted (Container : Vector) return Boolean;

233/2

Returns True if the elements are sorted smallest first as determined by the generic formal "<" operator; otherwise, Is_Sorted returns False. Any exception raised during evaluation of "<" is propagated.

234/5

procedure Sort (Container : in out Vector)
   with Pre  => not Tampering_With_Cursors_Prohibited (Container)
                    or else raise Program_Error;

235/2

Reorders the elements of Container such that the elements are sorted smallest first as determined by the generic formal "<" operator provided. Any exception raised during evaluation of "<" is propagated.

235.a/2

implementation advice

This implies swapping the elements, usually including an intermediate copy. This means that the elements will usually be copied. (As with Swap, if the implementation can do this some other way, it is allowed to.) Since the elements are nonlimited, this usually will not be a problem. Note that there is below that the implementation should use a sort that minimizes copying of elements.

235.b/2

note

The sort is not required to be stable (and the fast algorithm required will not be stable). If a stable sort is needed, the user can include the original location of the element as an extra "sort key". We considered requiring the implementation to do that, but it is mostly extra overhead -- usually there is something already in the element that provides the needed stability.

236/5

procedure Merge (Target  : in out Vector;
                 Source  : in out Vector)
   with Pre  => (not Tampering_With_Cursors_Prohibited (Target)
                   or else raise Program_Error) and then
                (not Tampering_With_Cursors_Prohibited (Source)
                   or else raise Program_Error) and then
                (Length (Target) <= Maximum_Length - Length (Source)
                   or else raise Constraint_Error) and then
                ((Length (Source) = 0 or else
                   not Target'Has_Same_Storage (Source))
                   or else raise Program_Error),
        Post => (declare
                    Result_Length : constant Count_Type :=
                       Length (Source)'Old + Length (Target)'Old;
                 begin
                    (Length (Source) = 0 and then
                     Length (Target) = Result_Length and then
                     Capacity (Target) >= Result_Length));

237/5

Merge removes elements from Source and inserts them into Target; afterwards, Target contains the union of the elements that were initially in Source and Target; Source is left empty. If Target and Source are initially sorted smallest first, then Target is ordered smallest first as determined by the generic formal "<" operator; otherwise, the order of elements in Target is unspecified. Any exception raised during evaluation of "<" is propagated.

237.a/2

discussion

It is a bounded error if either of the vectors is unsorted, see below. The bounded error can be recovered by sorting Target after the merge call, or the vectors can be pretested with Is_Sorted.

237.b/2

implementation note

The Merge operation will usually require copying almost all of the elements. One implementation strategy would be to extend Target to the appropriate length, then copying elements from the back of the vectors working towards the front. An alternative approach would be to allocate a new internal data array of the appropriate length, copy the elements into it in an appropriate order, and then replacing the data array in Target with the temporary.

237.1/5

The nested package Vectors.Stable provides a type Stable.Vector that represents a stable vector, which is one that cannot grow and shrink. Such a vector can be created by calling the To_Vector or Copy functions, or by establishing a stabilized view of an ordinary vector.

237.2/5

A.18 Containers

Language Design Principles​

Static Semantics​

Implementation Requirements​

Extensions to Ada 95​

Wording Changes from Ada 2005​

Extensions to Ada 2012​

Wording Changes from Ada 2012​

A.18.1 The Package Containers​

Static Semantics​

Implementation Advice​

Extensions to Ada 95​

Incompatibilities With Ada 2005​

A.18.2 The Generic Package Containers.Vectors​

Static Semantics​

Language Design Principles

Static Semantics

Implementation Requirements

Extensions to Ada 95

Wording Changes from Ada 2005

Extensions to Ada 2012

Wording Changes from Ada 2012

A.18.1 The Package Containers

Static Semantics

Implementation Advice

Extensions to Ada 95

Incompatibilities With Ada 2005

A.18.2 The Generic Package Containers.Vectors

Static Semantics