diff --git a/examples/apps/dccp/.vscode/settings.json b/examples/apps/dccp/.vscode/settings.json new file mode 100644 index 000000000..5ac9865e2 --- /dev/null +++ b/examples/apps/dccp/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ada.projectFile": "build.gpr" +} diff --git a/examples/apps/dccp/Makefile b/examples/apps/dccp/Makefile new file mode 100644 index 000000000..ff6481a2b --- /dev/null +++ b/examples/apps/dccp/Makefile @@ -0,0 +1,11 @@ +.PHONY: test build prove generate clean + +test: + +build: + +prove: + +generate: + +clean: diff --git a/examples/apps/dccp/README.md b/examples/apps/dccp/README.md new file mode 100644 index 000000000..c0cf74466 --- /dev/null +++ b/examples/apps/dccp/README.md @@ -0,0 +1,68 @@ +# DCCP + +## Getting started + +This project provides a simplified example set for a DCCP specification with a "client" and "server" application. Additional details about what each application does are described below. + +## DCCP Server + +This application acts as the "server," listening on a specific local port for messages in the DCCP format. It is able to receive a specific set of messages based on a small Wireshark sample data set. These messages include: + +- DCCP Request +- DCCP Response +- DCCP Ack +- DCCP DataAck +- DCCP Data +- DCCP Close +- DCCP Reset + +If one of the above messages is received in the expected format, the message information will be printed to the console window. + +This application constantly "listens" for a message and will provide no further indication of operation until a message is received. + +## DCCP Client + +This application acts as the "client," sending a specific set of DCCP messages to a local port. This specific set of messages was pulled from a Wireshark DCCP sample set ([Link to archive](https://wiki.wireshark.org/uploads/__moin_import__/attachments/SampleCaptures/dccp_trace.pcap.gz)). + +For simplicity, and to demonstrate how to write to/access message fields, these messages are hard-coded within the DCCP Client application. + +## Using the Applications + +The basic setup for these applications is simple. After compiling the code into an executable format: + +1. Run the DCCP Server +2. Run the DCCP Client + +Once the client is running and prints out message status information, the server should start receiving the same respective information and print the results to the console. + +## DCCP Specification + +RecordFlux was used to generate the "DCCP specification" for this project. Note that the DCCP protocol was **NOT** implemented in its entirety. The core of the protocol is the **Generic Header**; a fairly simple implementation of this is implemented in RecordFlux. A small portion of **Additional Fields** and **Options** are also implemented so as to align with the Wireshark sample data set. Additionally, the **Application Data Area** of the protocol is lightly implemented here based on Wireshark data. + +The DCCP Specification file is located in the **\specs** folder of each application. + +The message graph (generated from the specification file) is located in the **\out** folder of each application. This provides a visual graph of the message itself, which can be useful for understanding and/or message interpretation. + +## HOWTO: Generate a Message Graph + +To generate a message graph using RecordFlux, locate the message spec and enter the following into the terminal window: + +`rflx graph -d ./out dccp.rflx` + +For the above, **out** is the output directory for the graph and **dccp.rflx** is the spec file. + +## HOWTO: Generate Code Files from a Specification + +To generate code files for the RecordFlux specification, locate the message spec and enter the following into the terminal window: + +`rflx generate -d ./generated/ dccp.rflx` + +For the above, **generated** is the output directory for the generated code files and **dccp.rflx** is the spec file. + +## HOWTO: Validate the Specification + +RecordFlux provides the ability to validate a message specification with real world files in a RAW format. To run validate and generate a corresponding report, locate the message spec and enter the following into the terminal window: + +`rflx validate --coverage -v ./test/valid/ dccp.rflx DCCP::Header` + +For the above, **./test/valid** is the folder in which "valid" sample RAW files are located and **dccp.rflx** is the spec file. diff --git a/examples/apps/dccp/build.gpr b/examples/apps/dccp/build.gpr new file mode 100644 index 000000000..74337e69f --- /dev/null +++ b/examples/apps/dccp/build.gpr @@ -0,0 +1,28 @@ +aggregate project Build is + + for Project_Files use ("dccp_client/dccp_client.gpr", "dccp_server/dccp_server.gpr"); + for Create_Missing_Dirs use "True"; + + Proof_Switches := + ( + "--prover=z3,cvc5,altergo,colibri", + "--steps=0", + "--timeout=300", + "--memlimit=5000", + "--checks-as-errors", + "--warnings=error", + "--function-sandboxing=off", + "--counterexamples=off", + "--output=oneline", + "-j0" + ); + + package Prove is + for Proof_Switches ("Ada") use Proof_Switches; + end Prove; + + package Builder is + for Global_Configuration_Pragmas use "common.adc"; + end Builder; + +end Build; diff --git a/examples/apps/dccp/common.adc b/examples/apps/dccp/common.adc new file mode 100644 index 000000000..c4a1e0300 --- /dev/null +++ b/examples/apps/dccp/common.adc @@ -0,0 +1 @@ +pragma SPARK_Mode (On); diff --git a/examples/apps/dccp/common/socket.adb b/examples/apps/dccp/common/socket.adb new file mode 100644 index 000000000..751d29bec --- /dev/null +++ b/examples/apps/dccp/common/socket.adb @@ -0,0 +1,94 @@ +with Ada.Streams; + +package body Socket with + SPARK_Mode => Off +is + function Is_Open (Chan : Channel) return Boolean is (Chan.Is_Open); + + function Initialize + (Port : Natural; Server : Boolean := False) return Channel + is + Socket : GNAT.Sockets.Socket_Type; + begin + GNAT.Sockets.Create_Socket + (Socket => Socket, Mode => GNAT.Sockets.Socket_Datagram); + + GNAT.Sockets.Set_Socket_Option + (Socket => Socket, Level => GNAT.Sockets.IP_Protocol_For_IP_Level, + Option => (GNAT.Sockets.Reuse_Address, True)); + + if Server then + GNAT.Sockets.Bind_Socket + (Socket => Socket, + Address => + (Family => GNAT.Sockets.Family_Inet, + Addr => GNAT.Sockets.Inet_Addr ("127.0.0.1"), + Port => GNAT.Sockets.Port_Type (Port))); + end if; + + return + Channel' + (Socket => Socket, Port => GNAT.Sockets.Port_Type (Port), + Is_Open => True); + end Initialize; + + procedure Receive + (Chan : Channel; Data : out RFLX.RFLX_Types.Bytes; + Last : out RFLX.RFLX_Types.Index; Success : out Boolean) + is + Recv_Data : Ada.Streams.Stream_Element_Array (1 .. 4_096); + Recv_Last : Ada.Streams.Stream_Element_Offset; + From : GNAT.Sockets.Sock_Addr_Type; + use type Ada.Streams.Stream_Element_Offset; + begin + Success := False; + + GNAT.Sockets.Receive_Socket + (Socket => Chan.Socket, Item => Recv_Data, Last => Recv_Last, + From => From); + + for I in Recv_Data'First .. Recv_Last loop + declare + J : constant RFLX.RFLX_Types.Index := + Data'First + RFLX.RFLX_Types.Index (I) - + RFLX.RFLX_Types.Index (Recv_Data'First); + begin + if J not in Data'Range then + return; + end if; + Data (J) := RFLX.RFLX_Types.Byte (Recv_Data (I)); + end; + end loop; + + Last := Data'First + RFLX.RFLX_Types.Index (Recv_Last - Recv_Data'First); + Success := True; + end Receive; + + procedure Close (Chan : in out Channel) is + begin + GNAT.Sockets.Close_Socket (Chan.Socket); + Chan.Is_Open := False; + end Close; + + procedure Send (Chan : Channel; Data : RFLX.RFLX_Types.Bytes) is + Last : Ada.Streams.Stream_Element_Offset; + Address : GNAT.Sockets.Sock_Addr_Type; + Send_Data : Ada.Streams.Stream_Element_Array (1 .. Data'Length); + use type Ada.Streams.Stream_Element_Offset; + begin + + for I in Data'Range loop + Send_Data + (Send_Data'First + + Ada.Streams.Stream_Element_Offset (I - Data'First)) := + Ada.Streams.Stream_Element (Data (I)); + end loop; + + Address.Port := Chan.Port; + Address.Addr := GNAT.Sockets.Inet_Addr ("127.0.0.1"); + + GNAT.Sockets.Send_Socket + (Socket => Chan.Socket, Item => Send_Data, Last => Last, + To => Address); + end Send; +end Socket; diff --git a/examples/apps/dccp/common/socket.ads b/examples/apps/dccp/common/socket.ads new file mode 100644 index 000000000..cf107774c --- /dev/null +++ b/examples/apps/dccp/common/socket.ads @@ -0,0 +1,40 @@ +with RFLX.RFLX_Types; +private with GNAT.Sockets; + +package Socket with + SPARK_Mode +is + type Channel is private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + use type RFLX.RFLX_Types.Index; + + function Is_Open (Chan : Channel) return Boolean with + Ghost, Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + + function Initialize + (Port : Natural; Server : Boolean := False) return Channel with + Post => Is_Open (Initialize'Result); + + procedure Receive + (Chan : Channel; Data : out RFLX.RFLX_Types.Bytes; + Last : out RFLX.RFLX_Types.Index; Success : out Boolean) with + Pre => Is_Open (Chan), Post => Data'First <= Last and Last <= Data'Last; + + procedure Send (Chan : Channel; Data : RFLX.RFLX_Types.Bytes) with + Pre => Is_Open (Chan); + + procedure Close (Chan : in out Channel) with + Pre => Is_Open (Chan), Post => not Is_Open (Chan), + Depends => (Chan => null, null => Chan); + +private + + pragma SPARK_Mode (Off); + + type Channel is record + Socket : GNAT.Sockets.Socket_Type; + Port : GNAT.Sockets.Port_Type; + Is_Open : Boolean; + end record; + +end Socket; diff --git a/examples/apps/dccp/dccp_client/.gitignore b/examples/apps/dccp/dccp_client/.gitignore new file mode 100644 index 000000000..2bc64887d --- /dev/null +++ b/examples/apps/dccp/dccp_client/.gitignore @@ -0,0 +1 @@ +**/obj/** \ No newline at end of file diff --git a/examples/apps/dccp/dccp_client/dccp_client.gpr b/examples/apps/dccp/dccp_client/dccp_client.gpr new file mode 100644 index 000000000..ee18a1495 --- /dev/null +++ b/examples/apps/dccp/dccp_client/dccp_client.gpr @@ -0,0 +1,25 @@ +with "../defaults"; + +project DCCP_Client is + + for Languages use ("RecordFlux", "Ada"); + for Source_Dirs use ("src", "../rflx/generated", "../rflx/specs", "../common"); + for Object_Dir use "obj"; + for Create_Missing_Dirs use "True"; + for Main use ("dccp_client.adb"); + + package Compiler is + for Driver ("recordflux") use ""; + for Default_Switches("Ada") use Defaults.Compiler_Switches; + end Compiler; + + package Naming is + for Spec_Suffix ("recordflux") use ".rflx"; + end Naming; + + package Recordflux is + for Output_Dir use "../rflx/generated"; + end Recordflux; + +end DCCP_Client; + diff --git a/examples/apps/dccp/dccp_client/src/dccp_client.adb b/examples/apps/dccp/dccp_client/src/dccp_client.adb new file mode 100644 index 000000000..0a09c4599 --- /dev/null +++ b/examples/apps/dccp/dccp_client/src/dccp_client.adb @@ -0,0 +1,18 @@ +with Socket; +with Msg_Write; + +procedure DCCP_Client with + SPARK_Mode => On +is + Channel : Socket.Channel := Socket.Initialize (1234); +begin + Msg_Write.Send_Request (Channel); + Msg_Write.Send_Response (Channel); + Msg_Write.Send_Ack (Channel); + Msg_Write.Send_Data_Ack (Channel); + Msg_Write.Send_Data (Channel); + Msg_Write.Send_Close (Channel); + Msg_Write.Send_Reset (Channel); + + Socket.Close (Channel); +end DCCP_Client; diff --git a/examples/apps/dccp/dccp_client/src/msg_write.adb b/examples/apps/dccp/dccp_client/src/msg_write.adb new file mode 100644 index 000000000..b6542b6f6 --- /dev/null +++ b/examples/apps/dccp/dccp_client/src/msg_write.adb @@ -0,0 +1,574 @@ +with Ada.Text_IO; +with RFLX.DCCP.Packet; +with RFLX.DCCP.Option; +with RFLX.DCCP.Options; +with RFLX.RFLX_Types; +with RFLX.RFLX_Builtin_Types; + +package body Msg_Write with + SPARK_Mode => On +is + use RFLX; + use type RFLX.RFLX_Builtin_Types.Bit_Length; + + pragma Warnings + (Off, """*Context"" is set by ""*"" but not used after the call"); + + procedure Send + (Channel : Socket.Channel; Context : in out DCCP.Packet.Context; + Buffer : out RFLX.RFLX_Types.Bytes_Ptr) with + Pre => + DCCP.Packet.Has_Buffer (Context) + and then not Context'Constrained + and then Socket.Is_Open (Channel), + Post => + not DCCP.Packet.Has_Buffer (Context) and then not Context'Constrained + is + Last : RFLX.RFLX_Types.Index; + begin + DCCP.Packet.Verify_Message (Context); + if not DCCP.Packet.Well_Formed_Message (Context) then + DCCP.Packet.Take_Buffer (Context, Buffer); + Ada.Text_IO.Put_Line ("Invalid message created!"); + return; + end if; + Last := RFLX.RFLX_Types.To_Index (DCCP.Packet.Message_Last (Context)); + DCCP.Packet.Take_Buffer (Context, Buffer); + Socket.Send (Channel, Buffer.all (Buffer'First .. Last)); + end Send; + + -- ***************************** + -- Send a simple REQUEST Message + -- ***************************** + procedure Send_Request (Channel : Socket.Channel) is + -- The Buffer is used for raw message data + Buffer : RFLX.RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + Context : DCCP.Packet.Context; + begin + Ada.Text_IO.Put ("Start DCCP REQUEST Send..."); + + DCCP.Packet.Initialize (Context, Buffer); + + DCCP.Packet.Set_Source_Port (Context, 32_772); + DCCP.Packet.Set_Destination_Port (Context, 5_001); + DCCP.Packet.Set_Data_Offset (Context, 5); + DCCP.Packet.Set_CCVal (Context, 0); + DCCP.Packet.Set_CsCov (Context, 0); + DCCP.Packet.Set_Checksum (Context, 16#08_DB#); + DCCP.Packet.Set_Res_3 (Context, 0); + DCCP.Packet.Set_Packet_Type (Context, DCCP.DCCP_REQUEST); + DCCP.Packet.Set_X (Context, DCCP.EXTENDED); + DCCP.Packet.Set_Res_8 (Context, 0); + DCCP.Packet.Set_Sequence_Number_Long (Context, 16#00_04_29_01_6D_DC#); + DCCP.Packet.Set_Service_Code (Context, 0); + DCCP.Packet.Set_Data (Context, RFLX.RFLX_Types.Bytes'(1 .. 0 => 0)); + + if DCCP.Packet.Has_Buffer (Context) then + Send (Channel, Context, Buffer); + end if; + + Ada.Text_IO.Put_Line ("Finished!"); + RFLX.RFLX_Types.Free (Buffer); + end Send_Request; + + -- ****************************** + -- Send a simple RESPONSE Message + -- ****************************** + procedure Send_Response (Channel : Socket.Channel) is + Buffer : RFLX.RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + Context : DCCP.Packet.Context; + begin + Ada.Text_IO.Put ("Start DCCP RESPONSE Send..."); + + DCCP.Packet.Initialize (Context, Buffer); + + DCCP.Packet.Set_Source_Port (Context, 5_001); + DCCP.Packet.Set_Destination_Port (Context, 32_772); + DCCP.Packet.Set_Data_Offset (Context, 7); + DCCP.Packet.Set_CCVal (Context, 0); + DCCP.Packet.Set_CsCov (Context, 0); + DCCP.Packet.Set_Checksum (Context, 27_074); + DCCP.Packet.Set_Res_3 (Context, 0); + DCCP.Packet.Set_Packet_Type (Context, DCCP.DCCP_RESPONSE); + DCCP.Packet.Set_X (Context, DCCP.EXTENDED); + DCCP.Packet.Set_Res_8 (Context, 0); + DCCP.Packet.Set_Sequence_Number_Long (Context, 0); + DCCP.Packet.Set_Ack_Reserved_Long (Context, 0); + DCCP.Packet.Set_Ack_Number_Long (Context, 0); + DCCP.Packet.Set_Service_Code (Context, 0); + + if DCCP.Packet.Has_Buffer (Context) then + Send (Channel, Context, Buffer); + end if; + + RFLX.RFLX_Types.Free (Buffer); + + Ada.Text_IO.Put_Line ("Finished!"); + end Send_Response; + + -- ************************* + -- Send a simple ACK Message + -- ************************* + procedure Send_Ack (Channel : Socket.Channel) is + -- The Buffer is used for raw message data + Buffer : RFLX.RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + Context : DCCP.Packet.Context; + Opt_Context : DCCP.Option.Context; + Options_Array_Context : DCCP.Options.Context; + + begin + Ada.Text_IO.Put ("Start DCCP ACK Send..."); + + DCCP.Packet.Initialize (Context, Buffer); + + DCCP.Packet.Set_Source_Port (Context, 32_772); + DCCP.Packet.Set_Destination_Port (Context, 5_001); + DCCP.Packet.Set_Data_Offset (Context, 11); + DCCP.Packet.Set_CCVal (Context, 0); + DCCP.Packet.Set_CsCov (Context, 0); + DCCP.Packet.Set_Checksum (Context, 16#04_80#); + DCCP.Packet.Set_Res_3 (Context, 0); + DCCP.Packet.Set_Packet_Type (Context, DCCP.DCCP_ACK); + DCCP.Packet.Set_X (Context, DCCP.EXTENDED); + DCCP.Packet.Set_Res_8 (Context, 0); + DCCP.Packet.Set_Sequence_Number_Long (Context, 16#00_04_29_01_6D_DD#); + DCCP.Packet.Set_Ack_Reserved_Long (Context, 0); + DCCP.Packet.Set_Ack_Number_Long (Context, 16#00_08_F0_E9_9B_42#); + + DCCP.Packet.Switch_To_Options (Context, Options_Array_Context); + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- PADDING + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.PADDING); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- PADDING + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.PADDING); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- CCID3_RCV_RATE + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.CCID3_RCV_RATE); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 6); + -- 4 bytes + DCCP.Option.Set_Receive_Rate (Opt_Context, 0); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- CCID3_RCV_RATE + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.CCID3_LOSS_EVT_RATE); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 6); + -- 4 bytes + DCCP.Option.Set_Loss_Event_Rate (Opt_Context, 0); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- TIMESTAMP + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.TIMESTAMP); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 6); + -- 4 bytes + DCCP.Option.Set_Timestamp_Option (Opt_Context, 16#F9_F5_C7_03#); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + pragma Assert + (DCCP.Options.Size (Options_Array_Context) = + DCCP.Packet.Field_Size (Context, DCCP.Packet.F_Options)); + DCCP.Packet.Update_Options (Context, Options_Array_Context); + + if DCCP.Packet.Has_Buffer (Context) then + Send (Channel, Context, Buffer); + end if; + + RFLX.RFLX_Types.Free (Buffer); + + Ada.Text_IO.Put_Line ("Finished!"); + end Send_Ack; + + -- ****************************** + -- Send a simple DATA ACK Message + -- ****************************** + procedure Send_Data_Ack (Channel : Socket.Channel) is + Buffer : RFLX.RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + Context : DCCP.Packet.Context; + Opt_Context : DCCP.Option.Context; + Options_Array_Context : DCCP.Options.Context; + Data : constant RFLX.RFLX_Types.Bytes := + (16#20#, 16#21#, 16#22#, 16#23#, 16#24#, 16#25#, 16#26#, 16#27#, + 16#28#, 16#29#, 16#2a#, 16#2b#, 16#2c#, 16#2d#, 16#2e#, 16#2f#, + 16#30#, 16#31#, 16#32#, 16#33#, 16#34#, 16#35#, 16#36#, 16#37#, + 16#38#, 16#39#, 16#3a#, 16#3b#, 16#3c#, 16#3d#, 16#3e#, 16#3f#, + 16#40#, 16#41#, 16#42#, 16#43#, 16#44#, 16#45#, 16#46#, 16#47#, + 16#48#, 16#49#, 16#4a#, 16#4b#, 16#4c#, 16#4d#, 16#4e#, 16#4f#, + 16#50#, 16#51#, 16#52#, 16#53#, 16#54#, 16#55#, 16#56#, 16#57#, + 16#58#, 16#59#, 16#5a#, 16#5b#, 16#5c#, 16#5d#, 16#5e#, 16#5f#, + 16#60#, 16#61#, 16#62#, 16#63#, 16#64#, 16#65#, 16#66#, 16#67#, + 16#68#, 16#69#, 16#6a#, 16#6b#, 16#6c#, 16#6d#, 16#6e#, 16#6f#, + 16#70#, 16#71#, 16#72#, 16#73#, 16#74#, 16#75#, 16#76#, 16#77#, + 16#78#, 16#79#, 16#7a#, 16#7b#, 16#7c#, 16#7d#, 16#7e#, 16#20#, + 16#21#, 16#22#, 16#23#, 16#24#, 16#25#, 16#26#, 16#27#, 16#28#, + 16#29#, 16#2a#, 16#2b#, 16#2c#, 16#2d#, 16#2e#, 16#2f#, 16#30#, + 16#31#, 16#32#, 16#33#, 16#34#, 16#35#, 16#36#, 16#37#, 16#38#, + 16#39#, 16#3a#, 16#3b#, 16#3c#, 16#3d#, 16#3e#, 16#3f#, 16#40#, + 16#41#, 16#42#, 16#43#, 16#44#, 16#45#, 16#46#, 16#47#, 16#48#, + 16#49#, 16#4a#, 16#4b#, 16#4c#, 16#4d#, 16#4e#, 16#4f#, 16#50#, + 16#51#, 16#52#, 16#53#, 16#54#, 16#55#, 16#56#, 16#57#, 16#58#, + 16#59#, 16#5a#, 16#5b#, 16#5c#, 16#5d#, 16#5e#, 16#5f#, 16#60#, + 16#61#, 16#62#, 16#63#, 16#64#, 16#65#, 16#66#, 16#67#, 16#68#, + 16#69#, 16#6a#, 16#6b#, 16#6c#, 16#6d#, 16#6e#, 16#6f#, 16#70#, + 16#71#, 16#72#, 16#73#, 16#74#, 16#75#, 16#76#, 16#77#, 16#78#, + 16#79#, 16#7a#, 16#7b#, 16#7c#, 16#7d#, 16#7e#, 16#20#, 16#21#, + 16#22#, 16#23#, 16#24#, 16#25#, 16#26#, 16#27#, 16#28#, 16#29#, + 16#2a#, 16#2b#, 16#2c#, 16#2d#, 16#2e#, 16#2f#, 16#30#, 16#31#, + 16#32#, 16#33#, 16#34#, 16#35#, 16#36#, 16#37#, 16#38#, 16#39#, + 16#3a#, 16#3b#, 16#3c#, 16#3d#, 16#3e#, 16#3f#, 16#40#, 16#41#, + 16#42#, 16#43#, 16#44#, 16#45#, 16#46#, 16#47#, 16#48#, 16#49#, + 16#4a#, 16#4b#, 16#4c#, 16#4d#, 16#4e#, 16#4f#, 16#50#, 16#51#, + 16#52#, 16#53#, 16#54#, 16#55#, 16#56#, 16#57#, 16#58#, 16#59#, + 16#5a#, 16#5b#, 16#5c#, 16#5d#, 16#5e#, 16#5f#, 16#60#, 16#61#); + begin + Ada.Text_IO.Put ("Start DCCP DATA ACK Send..."); + + DCCP.Packet.Initialize (Context, Buffer); + + -- NOTE: These MUST be set in the order in which they appear in the message. + -- If set out of order, a "discriminant check" error (CONSTRAINT ERROR) + -- will be thrown. + DCCP.Packet.Set_Source_Port (Context, 32_772); + DCCP.Packet.Set_Destination_Port (Context, 5_001); + DCCP.Packet.Set_Data_Offset (Context, 12); + DCCP.Packet.Set_CCVal (Context, 0); + DCCP.Packet.Set_CsCov (Context, 0); + DCCP.Packet.Set_Checksum (Context, 16#91_1E#); + DCCP.Packet.Set_Res_3 (Context, 0); + DCCP.Packet.Set_Packet_Type (Context, DCCP.DCCP_DATA_ACK); + DCCP.Packet.Set_X (Context, DCCP.EXTENDED); + DCCP.Packet.Set_Res_8 (Context, 0); + DCCP.Packet.Set_Sequence_Number_Long (Context, 16#00_04_29_01_6D_DE#); + DCCP.Packet.Set_Ack_Reserved_Long (Context, 0); + DCCP.Packet.Set_Ack_Number_Long (Context, 16#00_08_F0_E9_9B_42#); + + -- START OPTIONS AREA + + DCCP.Packet.Switch_To_Options (Context, Options_Array_Context); + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- PADDING + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.PADDING); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- PADDING + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.PADDING); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- PADDING + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.PADDING); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- CCID3_RCV_RATE + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.CCID3_RCV_RATE); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 6); + -- 4 bytes + DCCP.Option.Set_Receive_Rate (Opt_Context, 0); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- CCID3_RCV_RATE + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.CCID3_LOSS_EVT_RATE); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 6); + -- 4 bytes + DCCP.Option.Set_Loss_Event_Rate (Opt_Context, 0); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- TIMESTAMP + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.TIMESTAMP); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 6); + -- 4 bytes + DCCP.Option.Set_Timestamp_Option (Opt_Context, 16#F9_F5_C7_17#); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- NDP COUNT + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.NDP_COUNT); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 3); + -- 1 byte + DCCP.Option.Set_NDP_Count_Opt + (Opt_Context, (1 => 1)); -- special case for an array of one + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- Finish OPTIONS AREA + DCCP.Packet.Update_Options (Context, Options_Array_Context); + + pragma Assert (DCCP.Packet.Well_Formed (Context, DCCP.Packet.F_Options)); + + -- Set "Data" + -- Lots'o bytes + DCCP.Packet.Set_Data (Context, Data); + + if DCCP.Packet.Has_Buffer (Context) then + Send (Channel, Context, Buffer); + end if; + + RFLX.RFLX_Types.Free (Buffer); + + Ada.Text_IO.Put_Line ("Finished!"); + end Send_Data_Ack; + + -- ************************** + -- Send a simple DATA Message + -- ************************** + procedure Send_Data (Channel : Socket.Channel) is + -- The Buffer is used for raw message data + Buffer : RFLX.RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + Context : DCCP.Packet.Context; + Data : constant RFLX.RFLX_Types.Bytes := + (16#20#, 16#21#, 16#22#, 16#23#, 16#24#, 16#25#, 16#26#, 16#27#, + 16#28#, 16#29#, 16#2a#, 16#2b#, 16#2c#, 16#2d#, 16#2e#, 16#2f#, + 16#30#, 16#31#, 16#32#, 16#33#, 16#34#, 16#35#, 16#36#, 16#37#, + 16#38#, 16#39#, 16#3a#, 16#3b#, 16#3c#, 16#3d#, 16#3e#, 16#3f#, + 16#40#, 16#41#, 16#42#, 16#43#, 16#44#, 16#45#, 16#46#, 16#47#, + 16#48#, 16#49#, 16#4a#, 16#4b#, 16#4c#, 16#4d#, 16#4e#, 16#4f#, + 16#50#, 16#51#, 16#52#, 16#53#, 16#54#, 16#55#, 16#56#, 16#57#, + 16#58#, 16#59#, 16#5a#, 16#5b#, 16#5c#, 16#5d#, 16#5e#, 16#5f#, + 16#60#, 16#61#, 16#62#, 16#63#, 16#64#, 16#65#, 16#66#, 16#67#, + 16#68#, 16#69#, 16#6a#, 16#6b#, 16#6c#, 16#6d#, 16#6e#, 16#6f#, + 16#70#, 16#71#, 16#72#, 16#73#, 16#74#, 16#75#, 16#76#, 16#77#, + 16#78#, 16#79#, 16#7a#, 16#7b#, 16#7c#, 16#7d#, 16#7e#, 16#20#, + 16#21#, 16#22#, 16#23#, 16#24#, 16#25#, 16#26#, 16#27#, 16#28#, + 16#29#, 16#2a#, 16#2b#, 16#2c#, 16#2d#, 16#2e#, 16#2f#, 16#30#, + 16#31#, 16#32#, 16#33#, 16#34#, 16#35#, 16#36#, 16#37#, 16#38#, + 16#39#, 16#3a#, 16#3b#, 16#3c#, 16#3d#, 16#3e#, 16#3f#, 16#40#, + 16#41#, 16#42#, 16#43#, 16#44#, 16#45#, 16#46#, 16#47#, 16#48#, + 16#49#, 16#4a#, 16#4b#, 16#4c#, 16#4d#, 16#4e#, 16#4f#, 16#50#, + 16#51#, 16#52#, 16#53#, 16#54#, 16#55#, 16#56#, 16#57#, 16#58#, + 16#59#, 16#5a#, 16#5b#, 16#5c#, 16#5d#, 16#5e#, 16#5f#, 16#60#, + 16#61#, 16#62#, 16#63#, 16#64#, 16#65#, 16#66#, 16#67#, 16#68#, + 16#69#, 16#6a#, 16#6b#, 16#6c#, 16#6d#, 16#6e#, 16#6f#, 16#70#, + 16#71#, 16#72#, 16#73#, 16#74#, 16#75#, 16#76#, 16#77#, 16#78#, + 16#79#, 16#7a#, 16#7b#, 16#7c#, 16#7d#, 16#7e#, 16#20#, 16#21#, + 16#22#, 16#23#, 16#24#, 16#25#, 16#26#, 16#27#, 16#28#, 16#29#, + 16#2a#, 16#2b#, 16#2c#, 16#2d#, 16#2e#, 16#2f#, 16#30#, 16#31#, + 16#32#, 16#33#, 16#34#, 16#35#, 16#36#, 16#37#, 16#38#, 16#39#, + 16#3a#, 16#3b#, 16#3c#, 16#3d#, 16#3e#, 16#3f#, 16#40#, 16#41#, + 16#42#, 16#43#, 16#44#, 16#45#, 16#46#, 16#47#, 16#48#, 16#49#, + 16#4a#, 16#4b#, 16#4c#, 16#4d#, 16#4e#, 16#4f#, 16#50#, 16#51#, + 16#52#, 16#53#, 16#54#, 16#55#, 16#56#, 16#57#, 16#58#, 16#59#, + 16#5a#, 16#5b#, 16#5c#, 16#5d#, 16#5e#, 16#5f#, 16#60#, 16#61#); + begin + Ada.Text_IO.Put ("Start DCCP DATA Send..."); + + DCCP.Packet.Initialize (Context, Buffer); + + -- NOTE: These MUST be set in the order in which they appear in the message. + -- If set out of order, a "discriminant check" error (CONSTRAINT ERROR) + -- will be thrown. + DCCP.Packet.Set_Source_Port (Context, 32_772); + DCCP.Packet.Set_Destination_Port (Context, 5_001); + DCCP.Packet.Set_Data_Offset (Context, 4); + DCCP.Packet.Set_CCVal (Context, 2); + DCCP.Packet.Set_CsCov (Context, 0); + DCCP.Packet.Set_Checksum (Context, 16#4D_E1#); + DCCP.Packet.Set_Res_3 (Context, 0); + DCCP.Packet.Set_Packet_Type (Context, DCCP.DCCP_DATA); + DCCP.Packet.Set_X (Context, DCCP.EXTENDED); + DCCP.Packet.Set_Res_8 (Context, 0); + DCCP.Packet.Set_Sequence_Number_Long (Context, 16#00_04_29_01_6D_E2#); + + DCCP.Packet.Set_Data (Context, Data); + + if DCCP.Packet.Has_Buffer (Context) then + Send (Channel, Context, Buffer); + end if; + + RFLX.RFLX_Types.Free (Buffer); + + Ada.Text_IO.Put_Line ("Finished!"); + end Send_Data; + + -- *************************** + -- Send a simple CLOSE Message + -- *************************** + procedure Send_Close (Channel : Socket.Channel) is + -- The Buffer is used for raw message data + Buffer : RFLX.RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + + -- Working w/messages requires a context. It holds a ptr to the actual message, + -- current state of message serialization after parsing, and actual field + -- vals for scalar types + Context : DCCP.Packet.Context; + begin + Ada.Text_IO.Put ("Start DCCP CLOSE Send..."); + + DCCP.Packet.Initialize (Context, Buffer); + + -- NOTE: These MUST be set in the order in which they appear in the message. + -- If set out of order, a "discriminant check" error (CONSTRAINT ERROR) + -- will be thrown. + + DCCP.Packet.Set_Source_Port (Context, 32_772); + DCCP.Packet.Set_Destination_Port (Context, 5_001); + DCCP.Packet.Set_Data_Offset (Context, 6); + DCCP.Packet.Set_CCVal (Context, 0); + DCCP.Packet.Set_CsCov (Context, 0); + DCCP.Packet.Set_Checksum (Context, 16#5B_E4#); + DCCP.Packet.Set_Res_3 (Context, 0); + DCCP.Packet.Set_Packet_Type (Context, DCCP.DCCP_CLOSE); + DCCP.Packet.Set_X (Context, DCCP.EXTENDED); + DCCP.Packet.Set_Res_8 (Context, 0); + DCCP.Packet.Set_Sequence_Number_Long (Context, 16#00_04_29_01_81_66#); + + DCCP.Packet.Set_Ack_Reserved_Long (Context, 0); + DCCP.Packet.Set_Ack_Number_Long (Context, 8); + + if DCCP.Packet.Has_Buffer (Context) then + Send (Channel, Context, Buffer); + end if; + + RFLX.RFLX_Types.Free (Buffer); + + Ada.Text_IO.Put_Line ("Finished!"); + end Send_Close; + + -- *************************** + -- Send a simple RESET Message + -- *************************** + procedure Send_Reset (Channel : Socket.Channel) is + -- The Buffer is used for raw message data + Buffer : RFLX.RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + Context : DCCP.Packet.Context; + Opt_Context : DCCP.Option.Context; + Options_Array_Context : DCCP.Options.Context; + begin + Ada.Text_IO.Put ("Start DCCP RESET Send..."); + + DCCP.Packet.Initialize (Context, Buffer); + + -- NOTE: These MUST be set in the order in which they appear in the message. + -- If set out of order, a "discriminant check" error (CONSTRAINT ERROR) + -- will be thrown. + + DCCP.Packet.Set_Source_Port (Context, 5_001); + DCCP.Packet.Set_Destination_Port (Context, 32_772); + DCCP.Packet.Set_Data_Offset (Context, 8); + DCCP.Packet.Set_CCVal (Context, 0); + DCCP.Packet.Set_CsCov (Context, 0); + DCCP.Packet.Set_Checksum (Context, 16#44_A4#); + DCCP.Packet.Set_Res_3 (Context, 0); + DCCP.Packet.Set_Packet_Type (Context, DCCP.DCCP_RESET); + DCCP.Packet.Set_X (Context, DCCP.EXTENDED); + DCCP.Packet.Set_Res_8 (Context, 0); + DCCP.Packet.Set_Sequence_Number_Long (Context, 16#00_08_F0_E9_9B_78#); + DCCP.Packet.Set_Ack_Reserved_Long (Context, 0); + DCCP.Packet.Set_Ack_Number_Long (Context, 4); + DCCP.Packet.Set_Reset_Code (Context, DCCP.CLOSED); + DCCP.Packet.Set_Data_1 (Context, 0); + DCCP.Packet.Set_Data_2 (Context, 0); + DCCP.Packet.Set_Data_3 (Context, 0); + + -- START OPTIONS AREA + + DCCP.Packet.Switch_To_Options (Context, Options_Array_Context); + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- PADDING + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.PADDING); + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- NDP COUNT + + DCCP.Options.Switch (Options_Array_Context, Opt_Context); + + -- 1 byte + DCCP.Option.Set_Option_Type (Opt_Context, DCCP.NDP_COUNT); + -- 1 byte + DCCP.Option.Set_Option_Length (Opt_Context, 3); + -- 1 byte + DCCP.Option.Set_NDP_Count_Opt + (Opt_Context, (1 => 53)); -- special case for an array of one + + DCCP.Options.Update (Options_Array_Context, Opt_Context); + + -- Finish OPTIONS AREA + + DCCP.Packet.Update_Options (Context, Options_Array_Context); + + if DCCP.Packet.Has_Buffer (Context) then + Send (Channel, Context, Buffer); + end if; + + RFLX.RFLX_Types.Free (Buffer); + + Ada.Text_IO.Put_Line ("Finished!"); + end Send_Reset; + +end Msg_Write; diff --git a/examples/apps/dccp/dccp_client/src/msg_write.ads b/examples/apps/dccp/dccp_client/src/msg_write.ads new file mode 100644 index 000000000..c2e68cb6e --- /dev/null +++ b/examples/apps/dccp/dccp_client/src/msg_write.ads @@ -0,0 +1,27 @@ +with Socket; + +package Msg_Write with + SPARK_Mode => On +is + procedure Send_Request (Channel : Socket.Channel) + with Pre => Socket.Is_Open (Channel); + + procedure Send_Response (Channel : Socket.Channel) + with Pre => Socket.Is_Open (Channel); + + procedure Send_Ack (Channel : Socket.Channel) + with Pre => Socket.Is_Open (Channel); + + procedure Send_Data_Ack (Channel : Socket.Channel) + with Pre => Socket.Is_Open (Channel); + + procedure Send_Data (Channel : Socket.Channel) + with Pre => Socket.Is_Open (Channel); + + procedure Send_Close (Channel : Socket.Channel) + with Pre => Socket.Is_Open (Channel); + + procedure Send_Reset (Channel : Socket.Channel) + with Pre => Socket.Is_Open (Channel); + +end Msg_Write; diff --git a/examples/apps/dccp/dccp_server/.gitignore b/examples/apps/dccp/dccp_server/.gitignore new file mode 100644 index 000000000..2bc64887d --- /dev/null +++ b/examples/apps/dccp/dccp_server/.gitignore @@ -0,0 +1 @@ +**/obj/** \ No newline at end of file diff --git a/examples/apps/dccp/dccp_server/dccp_server.gpr b/examples/apps/dccp/dccp_server/dccp_server.gpr new file mode 100644 index 000000000..7369f7cbf --- /dev/null +++ b/examples/apps/dccp/dccp_server/dccp_server.gpr @@ -0,0 +1,24 @@ +with "../defaults"; + +project DCCP_Server is + + for Languages use ("RecordFlux", "Ada"); + for Source_Dirs use ("../rflx/generated", "../rflx/specs", "src", "../common"); + for Object_Dir use "obj"; + for Create_Missing_Dirs use "True"; + for Main use ("dccp_server.adb"); + + package Compiler is + for Driver ("recordflux") use ""; + for Default_Switches ("Ada") use Defaults.Compiler_Switches; + end Compiler; + + package Naming is + for Spec_Suffix ("recordflux") use ".rflx"; + end Naming; + + package Recordflux is + for Output_Dir use "../rflx/generated"; + end Recordflux; + +end DCCP_Server; diff --git a/examples/apps/dccp/dccp_server/src/dccp_server.adb b/examples/apps/dccp/dccp_server/src/dccp_server.adb new file mode 100644 index 000000000..973a14108 --- /dev/null +++ b/examples/apps/dccp/dccp_server/src/dccp_server.adb @@ -0,0 +1,89 @@ +with Ada.Text_IO; +with RFLX.DCCP.Packet; +with RFLX.RFLX_Types; +with Socket; +with Msg_Read; + +procedure DCCP_Server with + SPARK_Mode => On, Annotate => (GNATprove, Might_Not_Return) +is + use RFLX; + + Channel : Socket.Channel := Socket.Initialize (1_234, Server => True); + Buffer : RFLX_Types.Bytes_Ptr := + new RFLX.RFLX_Types.Bytes'(1 .. 4_096 => 0); + Last : RFLX_Types.Index; + Success : Boolean; + Context : DCCP.Packet.Context; + use type RFLX_Types.Bytes_Ptr; + use type RFLX_Types.Index; +begin + pragma Warnings + (Off, """Context"" is set by ""*"" but not used after the call"); + + Ada.Text_IO.Put_Line ("Server started"); + + loop + pragma Loop_Invariant (Buffer /= null); + pragma Loop_Invariant (Buffer'Last < RFLX_Types.Index'Last); + pragma Loop_Invariant (not DCCP.Packet.Has_Buffer (Context)); + + -- Listen for data on the connection + Socket.Receive (Channel, Buffer.all, Last, Success); + if not Success or Buffer'Length = 0 then + Ada.Text_IO.Put_Line ("Socket failure :("); + exit; + end if; + + Ada.Text_IO.Put_Line ("Got message, length " & Last'Image); + + -- Get Context ready + DCCP.Packet.Initialize + (Context, Buffer, RFLX.RFLX_Types.To_Last_Bit_Index (Last)); + + -- Verify Context lines up with spec'd fields + DCCP.Packet.Verify_Message (Context); + + if DCCP.Packet.Well_Formed_Message (Context) then + declare + Msg_Type : constant DCCP.Type_Field := + DCCP.Packet.Get_Packet_Type (Context); + begin + case Msg_Type is + when DCCP.DCCP_REQUEST => + Msg_Read.DCCP_REQUEST (Context); + + when DCCP.DCCP_ACK => + Msg_Read.DCCP_ACK (Context); + + when DCCP.DCCP_DATA_ACK => + Msg_Read.DCCP_DATA_ACK (Context); + + when DCCP.DCCP_DATA => + Msg_Read.DCCP_DATA (Context); + + when DCCP.DCCP_CLOSE => + Msg_Read.DCCP_CLOSE (Context); + + when DCCP.DCCP_RESET => + Msg_Read.DCCP_RESET (Context); + + when DCCP.DCCP_RESPONSE => + Msg_Read.DCCP_RESPONSE (Context); + + when others => + Ada.Text_IO.Put_Line ("Unsupported Message Received!"); + end case; + end; + else + Ada.Text_IO.Put_Line ("Message invalid"); + end if; + + DCCP.Packet.Take_Buffer (Context, Buffer); + + end loop; + + RFLX.RFLX_Types.Free (Buffer); + Socket.Close (Channel); + +end DCCP_Server; diff --git a/examples/apps/dccp/dccp_server/src/msg_read.adb b/examples/apps/dccp/dccp_server/src/msg_read.adb new file mode 100644 index 000000000..efdd181c1 --- /dev/null +++ b/examples/apps/dccp/dccp_server/src/msg_read.adb @@ -0,0 +1,406 @@ +with Ada.Text_IO; +with RFLX.RFLX_Types; +with RFLX.RFLX_Builtin_Types; +with RFLX.DCCP.Option; +with RFLX.DCCP.Options; + +package body Msg_Read with + SPARK_Mode => On +is + use RFLX.RFLX_Builtin_Types; + use type DCCP.Ext_Seq_Type; + package Byte_IO is new Ada.Text_IO.Modular_IO + (RFLX.RFLX_Builtin_Types.Byte); + + pragma Warnings + (Off, """*Context"" is set by ""*"" but not used after the call"); + pragma Warnings (Off, "subprogram ""Print_Data"" has no effect"); + + procedure Print_Data_Block (Data_Block : RFLX.RFLX_Types.Bytes) with + Annotate => (GNATprove, Always_Return); + + procedure Print_Data is new DCCP.Packet.Generic_Get_Data (Print_Data_Block); + + procedure Print_Generic_Header (Ctx : DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx); + + procedure Print_Sequence_Number_Long (Ctx : DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_X (Ctx) = DCCP.EXTENDED; + + procedure Print_Ack_Number_Long (Ctx : DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_X (Ctx) = DCCP.EXTENDED + and then DCCP.Packet.Get_Packet_Type (Ctx) /= DCCP.DCCP_DATA + and then DCCP.Packet.Get_Packet_Type (Ctx) /= DCCP.DCCP_REQUEST; + + -- *********************** + -- Print a buffer of bytes + -- *********************** + procedure Print_Data_Block (Data_Block : RFLX_Types.Bytes) with + SPARK_Mode => Off + is + begin + for Byte_Chunk of Data_Block loop + Byte_IO.Put (Byte_Chunk, Base => 16); + Ada.Text_IO.Put (' '); + end loop; + Ada.Text_IO.New_Line; + end Print_Data_Block; + + -- *********************************************************************** + -- Read and print the header info that is present in ALL received messages + -- *********************************************************************** + procedure Print_Generic_Header (Ctx : DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line + ("Packet Type: " & + DCCP.Type_Field'Image (DCCP.Packet.Get_Packet_Type (Ctx))); + Ada.Text_IO.Put_Line + ("Source Port: " & + DCCP.Port_Type'Image (DCCP.Packet.Get_Source_Port (Ctx))); + Ada.Text_IO.Put_Line + ("Destination Port: " & + DCCP.Port_Type'Image (DCCP.Packet.Get_Destination_Port (Ctx))); + Ada.Text_IO.Put_Line + ("Data Offset: " & + DCCP.Data_Offset_Type'Image (DCCP.Packet.Get_Data_Offset (Ctx))); + Ada.Text_IO.Put_Line + ("CCVal: " & DCCP.CCVal_Type'Image (DCCP.Packet.Get_CCVal (Ctx))); + Ada.Text_IO.Put_Line + ("CsCov: " & + DCCP.Checksum_Coverage_Type'Image (DCCP.Packet.Get_CsCov (Ctx))); + Ada.Text_IO.Put_Line + ("Checksum: " & + DCCP.Checksum_Type'Image (DCCP.Packet.Get_Checksum (Ctx))); + Ada.Text_IO.Put_Line + ("Reserved 3: " & + DCCP.Reserved_3_Type'Image (DCCP.Packet.Get_Res_3 (Ctx))); + Ada.Text_IO.Put_Line + ("Sequence Type: " & + DCCP.Ext_Seq_Type'Image (DCCP.Packet.Get_X (Ctx))); + end Print_Generic_Header; + + -- ****************************************** + -- Read and print long sequence number chunks + -- ****************************************** + procedure Print_Sequence_Number_Long (Ctx : DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line + ("Reserved 8: " & + DCCP.Reserved_8_Type'Image (DCCP.Packet.Get_Res_8 (Ctx))); + Ada.Text_IO.Put_Line + ("Sequence Number Long: " & + DCCP.Sequence_Number_Long_Type'Image + (DCCP.Packet.Get_Sequence_Number_Long (Ctx))); + end Print_Sequence_Number_Long; + + -- ************************************************* + -- Read and print long acknowledgement number chunks + -- ************************************************* + procedure Print_Ack_Number_Long (Ctx : DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line + ("Acknowledge Reserved Long: " & + DCCP.Reserved_16_Type'Image + (DCCP.Packet.Get_Ack_Reserved_Long (Ctx))); + Ada.Text_IO.Put_Line + ("Acknowledge Number Long: " & + DCCP.Ack_Number_Long_Type'Image + (DCCP.Packet.Get_Ack_Number_Long (Ctx))); + end Print_Ack_Number_Long; + + -- ********************************* + -- Read and print the options header + -- ********************************* + procedure Print_Options (Ctx : in out DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) and then not Ctx'Constrained + and then DCCP.Packet.Valid (Ctx, DCCP.Packet.F_Options), + Post => RFLX.DCCP.Packet.Has_Buffer (Ctx) and then not Ctx'Constrained, + Annotate => (GNATprove, Might_Not_Return) + is + Opt_Type_Field : DCCP.Opt_Type; + Options_Sequence_Context : DCCP.Options.Context; + Option_Element_Context : DCCP.Option.Context; + begin + -- ******* + -- OPTIONS - these are a SEQUENCE field, and require special effort to read + -- ******* + + -- switch message read context from HEADER to Options SEQUENCE + DCCP.Packet.Switch_To_Options (Ctx, Options_Sequence_Context); + + -- loop through all elements in the Options SEQUENCE, if they exist + while DCCP.Options.Has_Element (Options_Sequence_Context) loop + pragma Loop_Invariant + (DCCP.Options.Has_Buffer (Options_Sequence_Context)); + pragma Loop_Invariant (DCCP.Options.Valid (Options_Sequence_Context)); + pragma Loop_Invariant + (Options_Sequence_Context.First = + Options_Sequence_Context.First'Loop_Entry); + pragma Loop_Invariant + (Options_Sequence_Context.Last = + Options_Sequence_Context.Last'Loop_Entry); + pragma Loop_Invariant + (not DCCP.Option.Has_Buffer (Option_Element_Context)); + pragma Loop_Invariant + (Ctx.Buffer_First = Options_Sequence_Context.Buffer_First); + pragma Loop_Invariant + (Ctx.Buffer_Last = Options_Sequence_Context.Buffer_Last); + + -- switch message read context from Options SEQUENCE to current ELEMENT in sequence + DCCP.Options.Switch + (Options_Sequence_Context, Option_Element_Context); + + -- This MUST be called in order to retrieve fields from the message! + -- It basically verifies the state of the message and sets flags up so you can access things + DCCP.Option.Verify_Message (Option_Element_Context); + + if not DCCP.Option.Well_Formed_Message (Option_Element_Context) then + DCCP.Options.Update + (Options_Sequence_Context, Option_Element_Context); + exit; + end if; + + Opt_Type_Field := + DCCP.Option.Get_Option_Type (Option_Element_Context); + + case Opt_Type_Field is + when DCCP.PADDING => + Ada.Text_IO.Put_Line + ("Option Type: " & DCCP.Opt_Type'Image (Opt_Type_Field)); + + when DCCP.CCID3_RCV_RATE | DCCP.CCID3_LOSS_EVT_RATE + | DCCP.TIMESTAMP | DCCP.NDP_COUNT => + Ada.Text_IO.Put_Line + ("Option Type: " & DCCP.Opt_Type'Image (Opt_Type_Field)); + Ada.Text_IO.Put_Line + ("Option Length: " & + DCCP.Option_Length_Type'Image + (DCCP.Option.Get_Option_Length (Option_Element_Context))); + + case Opt_Type_Field is + when DCCP.CCID3_RCV_RATE => + Ada.Text_IO.Put_Line + ("Receive Rate: " & + DCCP.Receive_Rate_Type'Image + (DCCP.Option.Get_Receive_Rate + (Option_Element_Context))); + when DCCP.CCID3_LOSS_EVT_RATE => + Ada.Text_IO.Put_Line + ("Loss Event Rate: " & + DCCP.Loss_Rate_Type'Image + (DCCP.Option.Get_Loss_Event_Rate + (Option_Element_Context))); + when DCCP.TIMESTAMP => + Ada.Text_IO.Put_Line + ("Timestamp: " & + DCCP.Timestamp_Option_Type'Image + (DCCP.Option.Get_Timestamp_Option + (Option_Element_Context))); + when DCCP.NDP_COUNT => + declare + Length : constant RFLX_Types.Bit_Length := + DCCP.Option.Field_Size + (Option_Element_Context, + DCCP.Option.F_NDP_Count_Opt); + NDP_Option_Count : RFLX_Types.Bytes := + (1 .. RFLX_Types.To_Index (Length) => 0); + begin + DCCP.Option.Get_NDP_Count_Opt + (Option_Element_Context, NDP_Option_Count); + Ada.Text_IO.Put_Line ("NDP Count: "); + Print_Data_Block (NDP_Option_Count); + end; + when others => + Ada.Text_IO.Put_Line ("Unknown Option"); + end case; + + when others => + Ada.Text_IO.Put_Line ("Unknown Option"); + end case; + + DCCP.Options.Update + (Options_Sequence_Context, Option_Element_Context); + + end loop; + + DCCP.Packet.Update_Options (Ctx, Options_Sequence_Context); + + end Print_Options; + + -- **************************************************** + -- Read and print out the DCCP REQUEST Message Contents + -- Note that the fields can be read in ANY order + -- **************************************************** + procedure DCCP_REQUEST (Ctx : DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line ("START DCCP REQUEST READ"); + + Print_Generic_Header (Ctx); + Print_Sequence_Number_Long (Ctx); + + Ada.Text_IO.Put_Line + ("Service Code: " & + DCCP.Service_Code_Type'Image (DCCP.Packet.Get_Service_Code (Ctx))); + + Ada.Text_IO.Put_Line ("END DCCP REQUEST READ"); + + Ada.Text_IO + .New_Line; -- print a blank line to for an easy visual indication of message end + end DCCP_REQUEST; + + -- ************************************************ + -- Read and print out the DCCP ACK Message Contents + -- Note that the fields can be read in ANY order + -- ************************************************ + procedure DCCP_ACK (Ctx : in out DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line ("START DCCP ACK READ"); + + Print_Generic_Header (Ctx); + if DCCP.Packet.Get_X (Ctx) = DCCP.EXTENDED then + Print_Sequence_Number_Long (Ctx); + Print_Ack_Number_Long (Ctx); + end if; + if DCCP.Packet.Valid (Ctx, DCCP.Packet.F_Options) then + Print_Options (Ctx); + end if; + + Ada.Text_IO.Put_Line ("END DCCP ACK READ"); + + Ada.Text_IO + .New_Line; -- print a blank line to for an easy visual indication of message end + end DCCP_ACK; + + -- ***************************************************** + -- Read and print out the DCCP DATA ACK Message Contents + -- Note that the fields can be read in ANY order + -- ***************************************************** + procedure DCCP_DATA_ACK (Ctx : in out DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line ("START DCCP DATA ACK READ"); + + Print_Generic_Header (Ctx); + if DCCP.Packet.Get_X (Ctx) = DCCP.EXTENDED then + Print_Sequence_Number_Long (Ctx); + Print_Ack_Number_Long (Ctx); + end if; + if DCCP.Packet.Valid (Ctx, DCCP.Packet.F_Options) then + Print_Options (Ctx); + end if; + + if DCCP.Packet.Present (Ctx, DCCP.Packet.F_Data) then + Ada.Text_IO.Put_Line ("Message Data:"); + Print_Data (Ctx); + end if; + Ada.Text_IO.Put_Line ("END DCCP DATA ACK READ"); + Ada.Text_IO.New_Line; + end DCCP_DATA_ACK; + + -- ************************************************* + -- Read and print out the DCCP DATA Message Contents + -- Note that the fields can be read in ANY order + -- ************************************************* + procedure DCCP_DATA (Ctx : DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line ("START DCCP DATA READ"); + + Print_Generic_Header (Ctx); + + if DCCP.Packet.Get_X (Ctx) = DCCP.EXTENDED then + Print_Sequence_Number_Long (Ctx); + end if; + + if DCCP.Packet.Present (Ctx, DCCP.Packet.F_Data) then + Ada.Text_IO.Put_Line ("Message Data:"); + Print_Data (Ctx); + end if; + Ada.Text_IO.Put_Line ("END DCCP DATA READ"); + Ada.Text_IO.New_Line; + end DCCP_DATA; + + -- ***************************************************** + -- Read and print out the DCCP DATA ACK Message Contents + -- Note that the fields can be read in ANY order + -- ***************************************************** + procedure DCCP_CLOSE (Ctx : DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line ("START DCCP CLOSE READ"); + + Print_Generic_Header (Ctx); + + if DCCP.Packet.Get_X (Ctx) = DCCP.EXTENDED then + Print_Sequence_Number_Long (Ctx); + Print_Ack_Number_Long (Ctx); + end if; + + Ada.Text_IO.Put_Line ("END DCCP CLOSE READ"); + + Ada.Text_IO + .New_Line; -- print a blank line to for an easy visual indication of message end + end DCCP_CLOSE; + + -- ***************************************************** + -- Read and print out the DCCP DATA ACK Message Contents + -- Note that the fields can be read in ANY order + -- ***************************************************** + procedure DCCP_RESET (Ctx : in out DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line ("START DCCP RESET READ"); + + Print_Generic_Header (Ctx); + Print_Sequence_Number_Long (Ctx); + Print_Ack_Number_Long (Ctx); + + Ada.Text_IO.Put_Line + ("Reset Code: " & + DCCP.Reset_Code_Type'Image (DCCP.Packet.Get_Reset_Code (Ctx))); + Ada.Text_IO.Put_Line + ("Data 1:" & DCCP.Data_Type'Image (DCCP.Packet.Get_Data_1 (Ctx))); + Ada.Text_IO.Put_Line + ("Data 2:" & DCCP.Data_Type'Image (DCCP.Packet.Get_Data_2 (Ctx))); + Ada.Text_IO.Put_Line + ("Data 3:" & DCCP.Data_Type'Image (DCCP.Packet.Get_Data_3 (Ctx))); + + if DCCP.Packet.Valid (Ctx, DCCP.Packet.F_Options) then + Print_Options (Ctx); + end if; + + Ada.Text_IO.Put_Line ("END DCCP RESET READ"); + + Ada.Text_IO + .New_Line; -- print a blank line to for an easy visual indication of message end + end DCCP_RESET; + + -- ***************************************************** + -- Read and print out the DCCP RESPONSE Message Contents + -- Note that the fields can be read in ANY order + -- ***************************************************** + procedure DCCP_RESPONSE (Ctx : DCCP.Packet.Context) is + begin + Ada.Text_IO.Put_Line ("START DCCP RESPONSE READ"); + + Print_Generic_Header (Ctx); + Print_Sequence_Number_Long (Ctx); + Print_Ack_Number_Long (Ctx); + + Ada.Text_IO.Put_Line + ("Service Code: " & + DCCP.Service_Code_Type'Image (DCCP.Packet.Get_Service_Code (Ctx))); + + Ada.Text_IO.Put_Line ("END DCCP RESPONSE READ"); + + Ada.Text_IO + .New_Line; -- print a blank line to for an easy visual indication of message end + end DCCP_RESPONSE; + +end Msg_Read; diff --git a/examples/apps/dccp/dccp_server/src/msg_read.ads b/examples/apps/dccp/dccp_server/src/msg_read.ads new file mode 100644 index 000000000..edc79b073 --- /dev/null +++ b/examples/apps/dccp/dccp_server/src/msg_read.ads @@ -0,0 +1,68 @@ +with RFLX.DCCP.Packet; + +package Msg_Read with + SPARK_Mode => On +is + use RFLX; + use type DCCP.Type_Field; + + procedure DCCP_REQUEST (Ctx : DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_REQUEST; + + procedure DCCP_ACK (Ctx : in out DCCP.Packet.Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_ACK, + Post => + RFLX.DCCP.Packet.Has_Buffer (Ctx), + Annotate => + (GNATprove, Might_Not_Return); + + procedure DCCP_DATA_ACK (Ctx : in out DCCP.Packet.Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_DATA_ACK, + Post => + RFLX.DCCP.Packet.Has_Buffer (Ctx), + Annotate => + (GNATprove, Might_Not_Return); + + procedure DCCP_DATA (Ctx : DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_DATA, + Annotate => + (GNATprove, Might_Not_Return); + + procedure DCCP_CLOSE (Ctx : DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_CLOSE; + + procedure DCCP_RESET (Ctx : in out DCCP.Packet.Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_RESET, + Post => + RFLX.DCCP.Packet.Has_Buffer (Ctx), + Annotate => + (GNATprove, Might_Not_Return); + + procedure DCCP_RESPONSE (Ctx : DCCP.Packet.Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then DCCP.Packet.Well_Formed_Message (Ctx) + and then DCCP.Packet.Get_Packet_Type (Ctx) = DCCP.DCCP_RESPONSE; + +end Msg_Read; diff --git a/examples/apps/dccp/defaults.gpr b/examples/apps/dccp/defaults.gpr new file mode 100644 index 000000000..1d6bf1251 --- /dev/null +++ b/examples/apps/dccp/defaults.gpr @@ -0,0 +1,152 @@ +abstract project Defaults is + + type Build_Mode is ("strict", "asserts_enabled", "optimized"); + Mode : Build_Mode := external ("mode", "asserts_enabled"); + Cache := external ("GNATPROVE_CACHE", ""); + Procs := external ("GNATPROVE_PROCS", ""); + + Compiler_Variant := external ("gnat", ""); + + GNATVI := "-gnatVi"; + GNATVO := "-gnatVo"; + GNATEV := "-gnateV"; + GNATA := ""; -- "-gnata"; + + case Compiler_Variant is + when "community2020" => + GNATVI := ""; -- Eng/RecordFlux/Workarounds#43 + GNATA := ""; -- Eng/RecordFlux/Workarounds#49 + when "community2021" => + GNATA := ""; -- Eng/RecordFlux/Workarounds#49 + when "pro20.2" => + GNATVI := ""; -- Eng/RecordFlux/Workarounds#43 + GNATVO := ""; -- Eng/RecordFlux/Workarounds#23 + GNATEV := ""; -- Eng/RecordFlux/Workarounds#22 + GNATA := ""; -- Eng/RecordFlux/Workarounds#49 + when "pro21.2" | "pro22.2" => + GNATA := ""; -- Eng/RecordFlux/Workarounds#49 + when "fsf11.2.4" | "fsf12.1.2" => + GNATA := ""; -- Eng/RecordFlux/Workarounds#49 + when others => + end case; + + case Mode is + when "strict" | "optimized" => + GNATA := ""; + when "asserts_enabled" => + end case; + + Global_Configuration_Pragmas := "defaults_backward_compatible.adc"; + + case Compiler_Variant is + when "pro23.0w-20220508" | "pro23.0" | "pro23.1" | "pro23.2" => + Global_Configuration_Pragmas := "defaults.adc"; + when others => + end case; + + Cache_Switch := ""; + case Cache is + when "" => + null; + when others => + Cache_Switch := "--memcached-server=" & Cache; + end case; + + Procs_Switch := ""; + case Procs is + when "" => + Procs_Switch := "-j 0"; + when others => + Procs_Switch := "-j " & Procs; + end case; + + Proof_Switches := + ( + "--prover=z3,cvc4,altergo,colibri", + "--steps=0", + "--timeout=180", + "--memlimit=1500", + "--checks-as-errors", + "--warnings=error", + -- Eng/RecordFlux/RecordFlux#670 + -- "--proof-warnings", + "--function-sandboxing=off", + "--counterexamples=off", + Procs_Switch, + Cache_Switch + ); + + Builder_Switches := + ( + "-j0" + ); + + Compiler_Switches := + ( + "-gnatA", -- Avoid processing gnat.adc. If a gnat.adc file is present, it will be ignored. + "-gnatf", -- Full errors. Multiple errors per line, all undefined references, do not attempt to suppress cascaded errors. + "-gnatU", -- Tag all error messages with the unique string ‘error:’. + + -- Validity Checks + "-gnatVc", -- Validity checks for copies. + "-gnatVd", -- Default (RM) validity checks. + "-gnatVe", -- Validity checks for elementary components. + "-gnatVf", -- Validity checks for floating-point values. + GNATVI, -- Validity checks for ``in`` mode parameters. + "-gnatVm", -- Validity checks for ``in out`` mode parameters. + GNATVO, -- Validity checks for operator and attribute operands. + "-gnatVp", -- Validity checks for parameters. + "-gnatVr", -- Validity checks for function returns. + "-gnatVs", -- Validity checks for subscripts. + "-gnatVt", -- Validity checks for tests. + GNATEV, -- Check that all actual parameters of a subprogram call are valid according to the rules of validity checking (Validity Checking). + + -- Debugging + "-fstack-check", -- Activate stack checking. + "-g", -- Enable generation of debugging information. + GNATA, -- Enable assertions. + + -- Warnings + "-gnatwa", -- Activate most optional warnings. + "-gnatw.d", -- Activate tagging of warning and info messages. + "-gnatwe", -- Treat all run-time exception warnings as errors. + "-gnatwd", -- Activate warnings on implicit dereferencing. + -- Eng/RecordFlux/Workarounds#27 + -- "-gnatwh", -- Activate warnings on hiding. + "-gnatwt", -- Activate warnings for tracking of deleted conditional code. + "-gnatwQ", -- Suppress warnings on questionable missing parentheses. + + -- Style Checks + "-gnaty3", -- Specify indentation level. + "-gnatya", -- Check attribute casing. + "-gnatyA", -- Use of array index numbers in array attributes. + "-gnatyb", -- Blanks not allowed at statement end. + "-gnatyC", -- Check comments, single space. + "-gnatyd", -- Check no DOS line terminators present. + "-gnatye", -- Check end/exit labels. + "-gnatyf", -- No form feeds or vertical tabs. + "-gnatyh", -- No horizontal tabs. + "-gnatyi", -- Check if-then layout. + "-gnatyI", -- Check mode IN keywords. + "-gnatyk", -- Check keyword casing. + "-gnatyl", -- Check layout. + "-gnatyL9", -- Set maximum nesting level. + "-gnatyM120", -- Set maximum line length. + "-gnatyn", -- Check casing of entities in Standard. + "-gnatyO", -- Check that overriding subprograms are explicitly marked as such. + "-gnatyp", -- Check pragma casing. + "-gnatyr", -- Check references. + "-gnatyS", -- Check no statements after then/else. + "-gnatyt", -- Check token spacing. + "-gnatyu", -- Check unnecessary blank lines. + "-gnatyx", -- Check extra parentheses. + + "" + ); + + Binder_Switches := + ( + "-Es" + ); + +end Defaults; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-option.adb b/examples/apps/dccp/rflx/generated/rflx-dccp-option.adb new file mode 100644 index 000000000..9ad2269bc --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-dccp-option.adb @@ -0,0 +1,888 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma Warnings (Off, "redundant conversion"); +with RFLX.RFLX_Types.Operations; + +package body RFLX.DCCP.Option with + SPARK_Mode +is + + pragma Unevaluated_Use_Of_Old (Allow); + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) is + begin + Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last), Written_Last); + end Initialize; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) is + Buffer_First : constant RFLX_Types.Index := Buffer'First; + Buffer_Last : constant RFLX_Types.Index := Buffer'Last; + begin + Ctx := (Buffer_First, Buffer_Last, First, Last, First - 1, (if Written_Last = 0 then First - 1 else Written_Last), Buffer, (F_Option_Type => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); + Buffer := null; + end Initialize; + + procedure Reset (Ctx : in out Context) is + begin + Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer'First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer'Last)); + end Reset; + + procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) is + begin + Ctx := (Ctx.Buffer_First, Ctx.Buffer_Last, First, Last, First - 1, First - 1, Ctx.Buffer, (F_Option_Type => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); + end Reset; + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is + begin + Buffer := Ctx.Buffer; + Ctx.Buffer := null; + end Take_Buffer; + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is + begin + if Buffer'Length > 0 then + Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); + else + Buffer := Ctx.Buffer.all (1 .. 0); + end if; + end Copy; + + function Read (Ctx : Context) return RFLX_Types.Bytes is + (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); + + procedure Generic_Read (Ctx : Context) is + begin + Read (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); + end Generic_Read; + + procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) is + Length : RFLX_Types.Length; + begin + Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last)); + Write (Ctx.Buffer.all (Ctx.Buffer'First + RFLX_Types.Index (Offset + 1) - 1 .. Ctx.Buffer'Last), Length, Ctx.Buffer'Length, Offset); + pragma Assert (Length <= Ctx.Buffer.all'Length, "Length <= Buffer'Length is not ensured by postcondition of ""Write"""); + Ctx.Written_Last := RFLX_Types.Bit_Index'Max (Ctx.Written_Last, RFLX_Types.To_Last_Bit_Index (RFLX_Types.Length (Ctx.Buffer_First) + Offset + Length - 1)); + end Generic_Write; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is + begin + Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); + end Data; + + pragma Warnings (Off, "precondition is always False"); + + function Successor (Ctx : Context; Fld : Field) return Virtual_Field is + ((case Fld is + when F_Option_Type => + (if + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) + then + F_Final + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) + then + F_Option_Length + else + F_Initial), + when F_Option_Length => + (if + Ctx.Cursors (F_Option_Length).Value >= 4 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) + then + F_Elapsed_Time_Opt + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) + then + F_Loss_Event_Rate + elsif + Ctx.Cursors (F_Option_Length).Value >= 3 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) + then + F_NDP_Count_Opt + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) + then + F_Option_Feature + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) + then + F_Receive_Rate + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + F_Timestamp_Echo_Opt + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) + then + F_Timestamp_Option + else + F_Initial), + when F_Loss_Event_Rate | F_NDP_Count_Opt => + F_Final, + when F_Option_Feature => + (if + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R))) + and (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Feature).Value) < RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.FEATURE_RESERVED)) + or Ctx.Cursors (F_Option_Feature).Value > 255) + then + F_Final + elsif + True + then + F_Option_Value + else + F_Initial), + when F_Receive_Rate => + F_Final, + when F_Timestamp_Echo_Opt => + (if + Ctx.Cursors (F_Option_Length).Value >= 8 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + F_Elapsed_Time_Opt + else + F_Initial), + when F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt => + F_Final)) + with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and RFLX.DCCP.Option.Well_Formed (Ctx, Fld) + and RFLX.DCCP.Option.Valid_Predecessor (Ctx, Fld); + + pragma Warnings (On, "precondition is always False"); + + function Invalid_Successor (Ctx : Context; Fld : Field) return Boolean is + ((case Fld is + when F_Option_Type => + Invalid (Ctx.Cursors (F_Option_Length)), + when F_Option_Length => + Invalid (Ctx.Cursors (F_Elapsed_Time_Opt)) + and Invalid (Ctx.Cursors (F_Loss_Event_Rate)) + and Invalid (Ctx.Cursors (F_NDP_Count_Opt)) + and Invalid (Ctx.Cursors (F_Option_Feature)) + and Invalid (Ctx.Cursors (F_Receive_Rate)) + and Invalid (Ctx.Cursors (F_Timestamp_Echo_Opt)) + and Invalid (Ctx.Cursors (F_Timestamp_Option)), + when F_Loss_Event_Rate | F_NDP_Count_Opt => + True, + when F_Option_Feature => + Invalid (Ctx.Cursors (F_Option_Value)), + when F_Receive_Rate => + True, + when F_Timestamp_Echo_Opt => + Invalid (Ctx.Cursors (F_Elapsed_Time_Opt)), + when F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt => + True)); + + function Sufficient_Buffer_Length (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Buffer /= null + and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) < RFLX_Types.Bit_Length'Last + and Ctx.First <= Field_First (Ctx, Fld) + and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1 <= Ctx.Written_Last) + with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and RFLX.DCCP.Option.Valid_Next (Ctx, Fld); + + function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean is + (Sufficient_Buffer_Length (Ctx, Fld) + and then (case Fld is + when F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt => + Data'Length = RFLX_Types.To_Index (Field_Last (Ctx, Fld)) - RFLX_Types.To_Index (Field_First (Ctx, Fld)) + 1 + and then (for all I in RFLX_Types.Index range RFLX_Types.To_Index (Field_First (Ctx, Fld)) .. RFLX_Types.To_Index (Field_Last (Ctx, Fld)) => + Ctx.Buffer.all (I) = Data (Data'First + (I - RFLX_Types.To_Index (Field_First (Ctx, Fld))))), + when others => + False)); + + procedure Reset_Dependent_Fields (Ctx : in out Context; Fld : Field) with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld), + Post => + Valid_Next (Ctx, Fld) + and Invalid (Ctx.Cursors (Fld)) + and Invalid_Successor (Ctx, Fld) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Ctx.Cursors (Fld).Predecessor = Ctx.Cursors (Fld).Predecessor'Old + and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old + and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old + and Field_Size (Ctx, Fld) = Field_Size (Ctx, Fld)'Old + and (for all F in Field => + (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F) else Invalid (Ctx, F))) + is + First : constant RFLX_Types.Bit_Length := Field_First (Ctx, Fld) with + Ghost; + Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld) with + Ghost; + begin + pragma Assert (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + for Fld_Loop in reverse Field'Succ (Fld) .. Field'Last loop + Ctx.Cursors (Fld_Loop) := (S_Invalid, F_Final); + pragma Loop_Invariant (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + pragma Loop_Invariant ((for all F in Field => + (if F < Fld_Loop then Ctx.Cursors (F) = Ctx.Cursors'Loop_Entry (F) else Invalid (Ctx, F)))); + end loop; + pragma Assert (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + Ctx.Cursors (Fld) := (S_Invalid, Ctx.Cursors (Fld).Predecessor); + pragma Assert (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + end Reset_Dependent_Fields; + + function Composite_Field (Fld : Field) return Boolean is + (Fld in F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt); + + function Get (Ctx : Context; Fld : Field) return RFLX_Types.Base_Integer with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Option.Sufficient_Buffer_Length (Ctx, Fld) + and then not RFLX.DCCP.Option.Composite_Field (Fld) + is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, Fld); + Last : constant RFLX_Types.Bit_Index := Field_Last (Ctx, Fld); + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); + Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Last); + Offset : constant RFLX_Types.Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); + Size : constant Positive := (case Fld is + when F_Option_Type | F_Option_Length => + 8, + when F_Loss_Event_Rate => + 32, + when F_Option_Feature => + 8, + when F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => + 32, + when others => + Positive'Last); + Byte_Order : constant RFLX_Types.Byte_Order := RFLX_Types.High_Order_First; + begin + return RFLX_Types.Operations.Extract (Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Size, Byte_Order); + end Get; + + procedure Verify (Ctx : in out Context; Fld : Field) is + Value : RFLX_Types.Base_Integer; + begin + if + Invalid (Ctx.Cursors (Fld)) + and then Valid_Predecessor (Ctx, Fld) + and then Path_Condition (Ctx, Fld) + then + if Sufficient_Buffer_Length (Ctx, Fld) then + Value := (if Composite_Field (Fld) then 0 else Get (Ctx, Fld)); + if + Valid_Value (Fld, Value) + and then Field_Condition (Ctx, Fld, Value) + then + pragma Assert ((if + Fld = F_Elapsed_Time_Opt + or Fld = F_Loss_Event_Rate + or Fld = F_NDP_Count_Opt + or Fld = F_Option_Feature + or Fld = F_Option_Type + or Fld = F_Option_Value + or Fld = F_Receive_Rate + or Fld = F_Timestamp_Option + then + Field_Last (Ctx, Fld) mod RFLX_Types.Byte'Size = 0)); + pragma Assert ((((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); + Ctx.Verified_Last := ((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size; + pragma Assert (Field_Last (Ctx, Fld) <= Ctx.Verified_Last); + if Composite_Field (Fld) then + Ctx.Cursors (Fld) := (State => S_Well_Formed, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); + else + Ctx.Cursors (Fld) := (State => S_Valid, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); + end if; + Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); + else + Ctx.Cursors (Fld) := (State => S_Invalid, Predecessor => F_Final); + end if; + else + Ctx.Cursors (Fld) := (State => S_Incomplete, Predecessor => F_Final); + end if; + end if; + end Verify; + + procedure Verify_Message (Ctx : in out Context) is + begin + for F in Field loop + pragma Loop_Invariant (Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Loop_Entry + and Ctx.Buffer_Last = Ctx.Buffer_Last'Loop_Entry + and Ctx.First = Ctx.First'Loop_Entry + and Ctx.Last = Ctx.Last'Loop_Entry); + Verify (Ctx, F); + end loop; + end Verify_Message; + + function Get_NDP_Count_Opt (Ctx : Context) return RFLX_Types.Bytes is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).Last); + begin + return Ctx.Buffer.all (First .. Last); + end Get_NDP_Count_Opt; + + function Get_Option_Value (Ctx : Context) return RFLX_Types.Bytes is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).Last); + begin + return Ctx.Buffer.all (First .. Last); + end Get_Option_Value; + + function Get_Elapsed_Time_Opt (Ctx : Context) return RFLX_Types.Bytes is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).Last); + begin + return Ctx.Buffer.all (First .. Last); + end Get_Elapsed_Time_Opt; + + procedure Get_NDP_Count_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).Last); + begin + Data := (others => RFLX_Types.Byte'First); + Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); + end Get_NDP_Count_Opt; + + procedure Get_Option_Value (Ctx : Context; Data : out RFLX_Types.Bytes) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).Last); + begin + Data := (others => RFLX_Types.Byte'First); + Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); + end Get_Option_Value; + + procedure Get_Elapsed_Time_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).Last); + begin + Data := (others => RFLX_Types.Byte'First); + Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); + end Get_Elapsed_Time_Opt; + + procedure Generic_Get_NDP_Count_Opt (Ctx : Context) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_NDP_Count_Opt).Last); + begin + Process_NDP_Count_Opt (Ctx.Buffer.all (First .. Last)); + end Generic_Get_NDP_Count_Opt; + + procedure Generic_Get_Option_Value (Ctx : Context) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Option_Value).Last); + begin + Process_Option_Value (Ctx.Buffer.all (First .. Last)); + end Generic_Get_Option_Value; + + procedure Generic_Get_Elapsed_Time_Opt (Ctx : Context) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Elapsed_Time_Opt).Last); + begin + Process_Elapsed_Time_Opt (Ctx.Buffer.all (First .. Last)); + end Generic_Get_Elapsed_Time_Opt; + + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Option.Valid_Value (Fld, Val) + and then RFLX.DCCP.Option.Valid_Size (Ctx, Fld, Size) + and then Size <= RFLX.DCCP.Option.Available_Space (Ctx, Fld) + and then (if RFLX.DCCP.Option.Composite_Field (Fld) then Size mod RFLX_Types.Byte'Size = 0 else State_Valid), + Post => + Valid_Next (Ctx, Fld) + and then Invalid_Successor (Ctx, Fld) + and then Buffer_First = RFLX_Types.To_Index (Field_First (Ctx, Fld)) + and then Buffer_Last = RFLX_Types.To_Index (Field_First (Ctx, Fld) + Size - 1) + and then Offset = RFLX_Types.Offset ((RFLX_Types.Byte'Size - (Field_First (Ctx, Fld) + Size - 1) mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size) + and then Ctx.Buffer_First = Ctx.Buffer_First'Old + and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and then Ctx.First = Ctx.First'Old + and then Ctx.Last = Ctx.Last'Old + and then Ctx.Buffer_First = Ctx.Buffer_First'Old + and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and then Ctx.First = Ctx.First'Old + and then Ctx.Last = Ctx.Last'Old + and then Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old + and then Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old + and then Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old + and then Sufficient_Space (Ctx, Fld) + and then (if State_Valid and Size > 0 then Valid (Ctx, Fld) else Well_Formed (Ctx, Fld)) + and then (case Fld is + when F_Option_Type => + Get_Option_Type (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) + then + Predecessor (Ctx, F_Option_Length) = F_Option_Type + and Valid_Next (Ctx, F_Option_Length)) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Option_Length => + Get_Option_Length (Ctx) = To_Actual (Val) + and (if + Get_Option_Length (Ctx) >= 4 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) + then + Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Option_Length + and Valid_Next (Ctx, F_Elapsed_Time_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) + then + Predecessor (Ctx, F_Loss_Event_Rate) = F_Option_Length + and Valid_Next (Ctx, F_Loss_Event_Rate)) + and (if + Get_Option_Length (Ctx) >= 3 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) + then + Predecessor (Ctx, F_NDP_Count_Opt) = F_Option_Length + and Valid_Next (Ctx, F_NDP_Count_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) + then + Predecessor (Ctx, F_Option_Feature) = F_Option_Length + and Valid_Next (Ctx, F_Option_Feature)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) + then + Predecessor (Ctx, F_Receive_Rate) = F_Option_Length + and Valid_Next (Ctx, F_Receive_Rate)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + Predecessor (Ctx, F_Timestamp_Echo_Opt) = F_Option_Length + and Valid_Next (Ctx, F_Timestamp_Echo_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) + then + Predecessor (Ctx, F_Timestamp_Option) = F_Option_Length + and Valid_Next (Ctx, F_Timestamp_Option)), + when F_Loss_Event_Rate => + Get_Loss_Event_Rate (Ctx) = To_Actual (Val) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_NDP_Count_Opt => + (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Option_Feature => + Get_Option_Feature (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Option_Value) = F_Option_Feature + and Valid_Next (Ctx, F_Option_Value)) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Receive_Rate => + Get_Receive_Rate (Ctx) = To_Actual (Val) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Timestamp_Echo_Opt => + Get_Timestamp_Echo_Opt (Ctx) = To_Actual (Val) + and (if + Get_Option_Length (Ctx) >= 8 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Timestamp_Echo_Opt + and Valid_Next (Ctx, F_Elapsed_Time_Opt)), + when F_Timestamp_Option => + Get_Timestamp_Option (Ctx) = To_Actual (Val) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Option_Value | F_Elapsed_Time_Opt => + (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) + and then (for all F in Field => + (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) + is + First : RFLX_Types.Bit_Index; + Last : RFLX_Types.Bit_Length; + begin + Reset_Dependent_Fields (Ctx, Fld); + First := Field_First (Ctx, Fld); + Last := Field_First (Ctx, Fld) + Size - 1; + Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); + Buffer_First := RFLX_Types.To_Index (First); + Buffer_Last := RFLX_Types.To_Index (Last); + pragma Assert ((((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size, Written_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + pragma Assert (Size = (case Fld is + when F_Option_Type | F_Option_Length => + 8, + when F_Loss_Event_Rate => + 32, + when F_NDP_Count_Opt => + RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16, + when F_Option_Feature => + 8, + when F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => + 32, + when F_Option_Value => + 8, + when F_Elapsed_Time_Opt => + (if + Ctx.Cursors (Fld).Predecessor = F_Option_Length + and then (Ctx.Cursors (F_Option_Length).Value >= 4 + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16 + elsif + Ctx.Cursors (Fld).Predecessor = F_Timestamp_Echo_Opt + and then (Ctx.Cursors (F_Option_Length).Value >= 8 + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO))) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 48 + else + RFLX_Types.Unreachable))); + if State_Valid then + Ctx.Cursors (Fld) := (State => S_Valid, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); + else + Ctx.Cursors (Fld) := (State => S_Well_Formed, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); + end if; + Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); + pragma Assert (Last = (Field_First (Ctx, Fld) + Size) - 1); + end Set; + + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) + and then Fld in F_Option_Type | F_Option_Length | F_Loss_Event_Rate | F_Option_Feature | F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option + and then RFLX.DCCP.Option.Valid_Value (Fld, Val) + and then RFLX.DCCP.Option.Valid_Size (Ctx, Fld, RFLX.DCCP.Option.Field_Size (Ctx, Fld)) + and then RFLX.DCCP.Option.Available_Space (Ctx, Fld) >= RFLX.DCCP.Option.Field_Size (Ctx, Fld) + and then RFLX.DCCP.Option.Field_Size (Ctx, Fld) in 1 .. RFLX_Types.Base_Integer'Size + and then RFLX_Types.Fits_Into (Val, Natural (RFLX.DCCP.Option.Field_Size (Ctx, Fld))), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, Fld) + and Invalid_Successor (Ctx, Fld) + and (case Fld is + when F_Option_Type => + Get_Option_Type (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) + then + Predecessor (Ctx, F_Option_Length) = F_Option_Type + and Valid_Next (Ctx, F_Option_Length)) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Option_Length => + Get_Option_Length (Ctx) = To_Actual (Val) + and (if + Get_Option_Length (Ctx) >= 4 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) + then + Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Option_Length + and Valid_Next (Ctx, F_Elapsed_Time_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) + then + Predecessor (Ctx, F_Loss_Event_Rate) = F_Option_Length + and Valid_Next (Ctx, F_Loss_Event_Rate)) + and (if + Get_Option_Length (Ctx) >= 3 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) + then + Predecessor (Ctx, F_NDP_Count_Opt) = F_Option_Length + and Valid_Next (Ctx, F_NDP_Count_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) + then + Predecessor (Ctx, F_Option_Feature) = F_Option_Length + and Valid_Next (Ctx, F_Option_Feature)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) + then + Predecessor (Ctx, F_Receive_Rate) = F_Option_Length + and Valid_Next (Ctx, F_Receive_Rate)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + Predecessor (Ctx, F_Timestamp_Echo_Opt) = F_Option_Length + and Valid_Next (Ctx, F_Timestamp_Echo_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) + then + Predecessor (Ctx, F_Timestamp_Option) = F_Option_Length + and Valid_Next (Ctx, F_Timestamp_Option)), + when F_Loss_Event_Rate => + Get_Loss_Event_Rate (Ctx) = To_Actual (Val) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_NDP_Count_Opt => + (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Option_Feature => + Get_Option_Feature (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Option_Value) = F_Option_Feature + and Valid_Next (Ctx, F_Option_Value)) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Receive_Rate => + Get_Receive_Rate (Ctx) = To_Actual (Val) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Timestamp_Echo_Opt => + Get_Timestamp_Echo_Opt (Ctx) = To_Actual (Val) + and (if + Get_Option_Length (Ctx) >= 8 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Timestamp_Echo_Opt + and Valid_Next (Ctx, F_Elapsed_Time_Opt)), + when F_Timestamp_Option => + Get_Timestamp_Option (Ctx) = To_Actual (Val) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld)), + when F_Option_Value | F_Elapsed_Time_Opt => + (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) + and (for all F in Field => + (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old + and Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old + and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old + is + Buffer_First, Buffer_Last : RFLX_Types.Index; + Offset : RFLX_Types.Offset; + Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); + begin + Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); + RFLX_Types.Operations.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); + end Set_Scalar; + + procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.DCCP.Opt_Type) is + begin + Set_Scalar (Ctx, F_Option_Type, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Option_Type; + + procedure Set_Option_Length (Ctx : in out Context; Val : RFLX.DCCP.Option_Length_Type) is + begin + Set_Scalar (Ctx, F_Option_Length, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Option_Length; + + procedure Set_Loss_Event_Rate (Ctx : in out Context; Val : RFLX.DCCP.Loss_Rate_Type) is + begin + Set_Scalar (Ctx, F_Loss_Event_Rate, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Loss_Event_Rate; + + procedure Set_Option_Feature (Ctx : in out Context; Val : RFLX.DCCP.Option_Feature_Type) is + begin + Set_Scalar (Ctx, F_Option_Feature, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Option_Feature; + + procedure Set_Receive_Rate (Ctx : in out Context; Val : RFLX.DCCP.Receive_Rate_Type) is + begin + Set_Scalar (Ctx, F_Receive_Rate, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Receive_Rate; + + procedure Set_Timestamp_Echo_Opt (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Echo_Option_Type) is + begin + Set_Scalar (Ctx, F_Timestamp_Echo_Opt, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Timestamp_Echo_Opt; + + procedure Set_Timestamp_Option (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Option_Type) is + begin + Set_Scalar (Ctx, F_Timestamp_Option, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Timestamp_Option; + + procedure Initialize_NDP_Count_Opt_Private (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt)) >= Length + and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) mod RFLX_Types.Byte'Size = 1, + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_NDP_Count_Opt) + and Field_Size (Ctx, F_NDP_Count_Opt) = RFLX_Types.To_Bit_Length (Length) + and Ctx.Verified_Last = Field_Last (Ctx, F_NDP_Count_Opt) + and Invalid (Ctx, F_Option_Feature) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old + and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old + is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_NDP_Count_Opt); + Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_NDP_Count_Opt) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; + begin + pragma Assert (Last mod RFLX_Types.Byte'Size = 0); + Reset_Dependent_Fields (Ctx, F_NDP_Count_Opt); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + Ctx.Cursors (F_NDP_Count_Opt) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_NDP_Count_Opt).Predecessor); + Ctx.Cursors (Successor (Ctx, F_NDP_Count_Opt)) := (State => S_Invalid, Predecessor => F_NDP_Count_Opt); + end Initialize_NDP_Count_Opt_Private; + + procedure Initialize_NDP_Count_Opt (Ctx : in out Context) is + begin + Initialize_NDP_Count_Opt_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_NDP_Count_Opt))); + end Initialize_NDP_Count_Opt; + + procedure Initialize_Option_Value_Private (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Option_Value, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value)) >= Length + and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_Option_Value) mod RFLX_Types.Byte'Size = 1, + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Option_Value) + and Field_Size (Ctx, F_Option_Value) = RFLX_Types.To_Bit_Length (Length) + and Ctx.Verified_Last = Field_Last (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old + and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old + and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old + is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Option_Value); + Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Option_Value) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; + begin + pragma Assert (Last mod RFLX_Types.Byte'Size = 0); + Reset_Dependent_Fields (Ctx, F_Option_Value); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + Ctx.Cursors (F_Option_Value) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Option_Value).Predecessor); + Ctx.Cursors (Successor (Ctx, F_Option_Value)) := (State => S_Invalid, Predecessor => F_Option_Value); + end Initialize_Option_Value_Private; + + procedure Initialize_Option_Value (Ctx : in out Context) is + begin + Initialize_Option_Value_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_Option_Value))); + end Initialize_Option_Value; + + procedure Initialize_Elapsed_Time_Opt_Private (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt)) >= Length + and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) mod RFLX_Types.Byte'Size = 1, + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Elapsed_Time_Opt) + and Field_Size (Ctx, F_Elapsed_Time_Opt) = RFLX_Types.To_Bit_Length (Length) + and Ctx.Verified_Last = Field_Last (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old + and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old + is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Elapsed_Time_Opt); + Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Elapsed_Time_Opt) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; + begin + pragma Assert (Last mod RFLX_Types.Byte'Size = 0); + Reset_Dependent_Fields (Ctx, F_Elapsed_Time_Opt); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + Ctx.Cursors (F_Elapsed_Time_Opt) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Elapsed_Time_Opt).Predecessor); + Ctx.Cursors (Successor (Ctx, F_Elapsed_Time_Opt)) := (State => S_Invalid, Predecessor => F_Elapsed_Time_Opt); + end Initialize_Elapsed_Time_Opt_Private; + + procedure Initialize_Elapsed_Time_Opt (Ctx : in out Context) is + begin + Initialize_Elapsed_Time_Opt_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_Elapsed_Time_Opt))); + end Initialize_Elapsed_Time_Opt; + + procedure Set_NDP_Count_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) is + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_NDP_Count_Opt)); + Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; + begin + Initialize_NDP_Count_Opt_Private (Ctx, Data'Length); + pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_NDP_Count_Opt))); + Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; + pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_NDP_Count_Opt)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_NDP_Count_Opt))) = Data); + end Set_NDP_Count_Opt; + + procedure Set_Option_Value (Ctx : in out Context; Data : RFLX_Types.Bytes) is + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_Option_Value)); + Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; + begin + Initialize_Option_Value_Private (Ctx, Data'Length); + pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_Option_Value))); + Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; + pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_Option_Value)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_Option_Value))) = Data); + end Set_Option_Value; + + procedure Set_Elapsed_Time_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) is + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_Elapsed_Time_Opt)); + Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; + begin + Initialize_Elapsed_Time_Opt_Private (Ctx, Data'Length); + pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_Elapsed_Time_Opt))); + Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; + pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_Elapsed_Time_Opt)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_Elapsed_Time_Opt))) = Data); + end Set_Elapsed_Time_Opt; + + procedure Generic_Set_NDP_Count_Opt (Ctx : in out Context; Length : RFLX_Types.Length) is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_NDP_Count_Opt); + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); + Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); + begin + Process_NDP_Count_Opt (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); + Initialize_NDP_Count_Opt_Private (Ctx, Length); + end Generic_Set_NDP_Count_Opt; + + procedure Generic_Set_Option_Value (Ctx : in out Context; Length : RFLX_Types.Length) is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Option_Value); + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); + Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); + begin + Process_Option_Value (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); + Initialize_Option_Value_Private (Ctx, Length); + end Generic_Set_Option_Value; + + procedure Generic_Set_Elapsed_Time_Opt (Ctx : in out Context; Length : RFLX_Types.Length) is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Elapsed_Time_Opt); + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); + Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); + begin + Process_Elapsed_Time_Opt (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); + Initialize_Elapsed_Time_Opt_Private (Ctx, Length); + end Generic_Set_Elapsed_Time_Opt; + +end RFLX.DCCP.Option; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-option.ads b/examples/apps/dccp/rflx/generated/rflx-dccp-option.ads new file mode 100644 index 000000000..d6ce5543d --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-dccp-option.ads @@ -0,0 +1,1559 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma Warnings (Off, "redundant conversion"); +with RFLX.RFLX_Types; + +package RFLX.DCCP.Option with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + pragma Warnings (Off, "use clause for type ""Base_Integer"" * has no effect"); + + pragma Warnings (Off, "use clause for type ""Bytes"" * has no effect"); + + pragma Warnings (Off, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); + + pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); + + use type RFLX_Types.Bytes; + + use type RFLX_Types.Byte; + + use type RFLX_Types.Bytes_Ptr; + + use type RFLX_Types.Length; + + use type RFLX_Types.Index; + + use type RFLX_Types.Bit_Index; + + use type RFLX_Types.Base_Integer; + + use type RFLX_Types.Offset; + + pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); + + pragma Warnings (On, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); + + pragma Warnings (On, "use clause for type ""Base_Integer"" * has no effect"); + + pragma Warnings (On, "use clause for type ""Bytes"" * has no effect"); + + pragma Unevaluated_Use_Of_Old (Allow); + + type Virtual_Field is (F_Initial, F_Option_Type, F_Option_Length, F_Loss_Event_Rate, F_NDP_Count_Opt, F_Option_Feature, F_Receive_Rate, F_Timestamp_Echo_Opt, F_Timestamp_Option, F_Option_Value, F_Elapsed_Time_Opt, F_Final); + + subtype Field is Virtual_Field range F_Option_Type .. F_Elapsed_Time_Opt; + + type Field_Cursor is private with + Default_Initial_Condition => + False; + + type Field_Cursors is private with + Default_Initial_Condition => + False; + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with + Default_Initial_Condition => + RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last < RFLX_Types.Bit_Index'Last + and First rem RFLX_Types.Byte'Size = 1 + and Last rem RFLX_Types.Byte'Size = 0; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) with + Pre => + not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last + and then (Written_Last = 0 + or (Written_Last >= RFLX_Types.To_First_Bit_Index (Buffer'First) - 1 + and Written_Last <= RFLX_Types.To_Last_Bit_Index (Buffer'Last))) + and then Written_Last mod RFLX_Types.Byte'Size = 0, + Post => + Has_Buffer (Ctx) + and Buffer = null + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) + and Initialized (Ctx), + Depends => + (Ctx => (Buffer, Written_Last), Buffer => null); + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) with + Pre => + not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last + and then RFLX_Types.To_Index (First) >= Buffer'First + and then RFLX_Types.To_Index (Last) <= Buffer'Last + and then First <= Last + 1 + and then Last < RFLX_Types.Bit_Index'Last + and then First rem RFLX_Types.Byte'Size = 1 + and then Last rem RFLX_Types.Byte'Size = 0 + and then (Written_Last = 0 + or (Written_Last >= First - 1 + and Written_Last <= Last)) + and then Written_Last rem RFLX_Types.Byte'Size = 0, + Post => + Buffer = null + and Has_Buffer (Ctx) + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = First + and Ctx.Last = Last + and Initialized (Ctx), + Depends => + (Ctx => (Buffer, First, Last, Written_Last), Buffer => null); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Initialized (Ctx : Context) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + procedure Reset (Ctx : in out Context) with + Pre => + not Ctx'Constrained + and RFLX.DCCP.Option.Has_Buffer (Ctx), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) + and Initialized (Ctx); + + procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with + Pre => + not Ctx'Constrained + and RFLX.DCCP.Option.Has_Buffer (Ctx) + and RFLX_Types.To_Index (First) >= Ctx.Buffer_First + and RFLX_Types.To_Index (Last) <= Ctx.Buffer_Last + and First <= Last + 1 + and Last < RFLX_Types.Bit_Length'Last + and First rem RFLX_Types.Byte'Size = 1 + and Last rem RFLX_Types.Byte'Size = 0, + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = First + and Ctx.Last = Last + and Initialized (Ctx); + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx), + Post => + not Has_Buffer (Ctx) + and Buffer /= null + and Ctx.Buffer_First = Buffer'First + and Ctx.Buffer_Last = Buffer'Last + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Context_Cursors (Ctx) = Context_Cursors (Ctx)'Old, + Depends => + (Ctx => Ctx, Buffer => Ctx); + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed_Message (Ctx) + and then RFLX.DCCP.Option.Byte_Size (Ctx) = Buffer'Length; + + function Read (Ctx : Context) return RFLX_Types.Bytes with + Ghost, + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed_Message (Ctx); + + pragma Warnings (Off, "formal parameter ""*"" is not referenced"); + + pragma Warnings (Off, "unused variable ""*"""); + + function Always_Valid (Buffer : RFLX_Types.Bytes) return Boolean is + (True); + + pragma Warnings (On, "unused variable ""*"""); + + pragma Warnings (On, "formal parameter ""*"" is not referenced"); + + generic + with procedure Read (Buffer : RFLX_Types.Bytes); + with function Pre (Buffer : RFLX_Types.Bytes) return Boolean is Always_Valid; + procedure Generic_Read (Ctx : Context) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed_Message (Ctx) + and then Pre (Read (Ctx)); + + pragma Warnings (Off, "formal parameter ""*"" is not referenced"); + + pragma Warnings (Off, "unused variable ""*"""); + + function Always_Valid (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is + (True); + + pragma Warnings (On, "unused variable ""*"""); + + pragma Warnings (On, "formal parameter ""*"" is not referenced"); + + generic + with procedure Write (Buffer : out RFLX_Types.Bytes; Length : out RFLX_Types.Length; Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length); + with function Pre (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is Always_Valid; + procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then Offset < RFLX.DCCP.Option.Buffer_Length (Ctx) + and then Pre (RFLX.DCCP.Option.Buffer_Length (Ctx), Offset), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Initialized (Ctx); + + function Has_Buffer (Ctx : Context) return Boolean; + + function Buffer_Length (Ctx : Context) return RFLX_Types.Length with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx); + + function Size (Ctx : Context) return RFLX_Types.Bit_Length with + Post => + Size'Result rem RFLX_Types.Byte'Size = 0; + + function Byte_Size (Ctx : Context) return RFLX_Types.Length; + + function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed_Message (Ctx); + + function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed_Message (Ctx) + and then Data'Length = RFLX.DCCP.Option.Byte_Size (Ctx); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Path_Condition (Ctx : Context; Fld : Field) return Boolean with + Pre => + RFLX.DCCP.Option.Valid_Predecessor (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Predecessor (Ctx, Fld) + and then RFLX.DCCP.Option.Valid_Value (Fld, Val) + and then RFLX.DCCP.Option.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Option.Sufficient_Space (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld), + Post => + (case Fld is + when F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt => + Field_Size'Result rem RFLX_Types.Byte'Size = 0, + when others => + True); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Option.Sufficient_Space (Ctx, Fld), + Post => + (case Fld is + when F_NDP_Count_Opt | F_Option_Value | F_Elapsed_Time_Opt => + Field_Last'Result rem RFLX_Types.Byte'Size = 0, + when others => + True); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + function Valid_Next (Ctx : Context; Fld : Field) return Boolean; + + function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld); + + function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld); + + function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and RFLX.DCCP.Option.Valid_Next (Ctx, Fld); + + procedure Verify (Ctx : in out Context; Fld : Field) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old; + + procedure Verify_Message (Ctx : in out Context) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old; + + function Present (Ctx : Context; Fld : Field) return Boolean; + + function Well_Formed (Ctx : Context; Fld : Field) return Boolean; + + function Valid (Ctx : Context; Fld : Field) return Boolean with + Post => + (if Valid'Result then Well_Formed (Ctx, Fld) and Present (Ctx, Fld)); + + function Incomplete (Ctx : Context; Fld : Field) return Boolean; + + function Invalid (Ctx : Context; Fld : Field) return Boolean; + + function Well_Formed_Message (Ctx : Context) return Boolean with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx); + + function Valid_Message (Ctx : Context) return Boolean with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Incomplete_Message (Ctx : Context) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "precondition is always False"); + + function Get_Option_Type (Ctx : Context) return RFLX.DCCP.Opt_Type with + Pre => + RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Option_Type); + + function Get_Option_Length (Ctx : Context) return RFLX.DCCP.Option_Length_Type with + Pre => + RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Option_Length); + + function Get_Loss_Event_Rate (Ctx : Context) return RFLX.DCCP.Loss_Rate_Type with + Pre => + RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate); + + function Get_Option_Feature (Ctx : Context) return RFLX.DCCP.Option_Feature_Type with + Pre => + RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Option_Feature); + + function Get_Receive_Rate (Ctx : Context) return RFLX.DCCP.Receive_Rate_Type with + Pre => + RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Receive_Rate); + + function Get_Timestamp_Echo_Opt (Ctx : Context) return RFLX.DCCP.Timestamp_Echo_Option_Type with + Pre => + RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt); + + function Get_Timestamp_Option (Ctx : Context) return RFLX.DCCP.Timestamp_Option_Type with + Pre => + RFLX.DCCP.Option.Valid (Ctx, RFLX.DCCP.Option.F_Timestamp_Option); + + pragma Warnings (On, "precondition is always False"); + + function Get_NDP_Count_Opt (Ctx : Context) return RFLX_Types.Bytes with + Ghost, + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt), + Post => + Get_NDP_Count_Opt'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_NDP_Count_Opt)); + + function Get_Option_Value (Ctx : Context) return RFLX_Types.Bytes with + Ghost, + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value), + Post => + Get_Option_Value'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_Option_Value)); + + function Get_Elapsed_Time_Opt (Ctx : Context) return RFLX_Types.Bytes with + Ghost, + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt), + Post => + Get_Elapsed_Time_Opt'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_Elapsed_Time_Opt)); + + procedure Get_NDP_Count_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt)), + Post => + Equal (Ctx, F_NDP_Count_Opt, Data); + + procedure Get_Option_Value (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value)), + Post => + Equal (Ctx, F_Option_Value, Data); + + procedure Get_Elapsed_Time_Opt (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Well_Formed (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt)), + Post => + Equal (Ctx, F_Elapsed_Time_Opt, Data); + + generic + with procedure Process_NDP_Count_Opt (NDP_Count_Opt : RFLX_Types.Bytes); + procedure Generic_Get_NDP_Count_Opt (Ctx : Context) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and RFLX.DCCP.Option.Present (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt); + + generic + with procedure Process_Option_Value (Option_Value : RFLX_Types.Bytes); + procedure Generic_Get_Option_Value (Ctx : Context) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and RFLX.DCCP.Option.Present (Ctx, RFLX.DCCP.Option.F_Option_Value); + + generic + with procedure Process_Elapsed_Time_Opt (Elapsed_Time_Opt : RFLX_Types.Bytes); + procedure Generic_Get_Elapsed_Time_Opt (Ctx : Context) with + Pre => + RFLX.DCCP.Option.Has_Buffer (Ctx) + and RFLX.DCCP.Option.Present (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "aspect ""*"" not enforced on inlined subprogram ""*"""); + + procedure Set_Option_Type (Ctx : in out Context; Val : RFLX.DCCP.Opt_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Type) + and then RFLX.DCCP.Valid_Opt_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Type) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Type) + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Type, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Option_Type) + and Get_Option_Type (Ctx) = Val + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Type)) + and Invalid (Ctx, F_Option_Length) + and Invalid (Ctx, F_Loss_Event_Rate) + and Invalid (Ctx, F_NDP_Count_Opt) + and Invalid (Ctx, F_Option_Feature) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)) + then + Predecessor (Ctx, F_Option_Length) = F_Option_Type + and Valid_Next (Ctx, F_Option_Length)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Option_Type) = Predecessor (Ctx, F_Option_Type)'Old + and Valid_Next (Ctx, F_Option_Type) = Valid_Next (Ctx, F_Option_Type)'Old + and Field_First (Ctx, F_Option_Type) = Field_First (Ctx, F_Option_Type)'Old; + + procedure Set_Option_Length (Ctx : in out Context; Val : RFLX.DCCP.Option_Length_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Length) + and then RFLX.DCCP.Valid_Option_Length_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Length) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Length) + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Length, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Option_Length) + and Get_Option_Length (Ctx) = Val + and Invalid (Ctx, F_Loss_Event_Rate) + and Invalid (Ctx, F_NDP_Count_Opt) + and Invalid (Ctx, F_Option_Feature) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and (if + Get_Option_Length (Ctx) >= 4 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)) + then + Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Option_Length + and Valid_Next (Ctx, F_Elapsed_Time_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) + then + Predecessor (Ctx, F_Loss_Event_Rate) = F_Option_Length + and Valid_Next (Ctx, F_Loss_Event_Rate)) + and (if + Get_Option_Length (Ctx) >= 3 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)) + then + Predecessor (Ctx, F_NDP_Count_Opt) = F_Option_Length + and Valid_Next (Ctx, F_NDP_Count_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)) + then + Predecessor (Ctx, F_Option_Feature) = F_Option_Length + and Valid_Next (Ctx, F_Option_Feature)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) + then + Predecessor (Ctx, F_Receive_Rate) = F_Option_Length + and Valid_Next (Ctx, F_Receive_Rate)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + Predecessor (Ctx, F_Timestamp_Echo_Opt) = F_Option_Length + and Valid_Next (Ctx, F_Timestamp_Echo_Opt)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) + then + Predecessor (Ctx, F_Timestamp_Option) = F_Option_Length + and Valid_Next (Ctx, F_Timestamp_Option)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Option_Length) = Predecessor (Ctx, F_Option_Length)'Old + and Valid_Next (Ctx, F_Option_Length) = Valid_Next (Ctx, F_Option_Length)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Field_First (Ctx, F_Option_Length) = Field_First (Ctx, F_Option_Length)'Old + and (for all F in Field range F_Option_Type .. F_Option_Type => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Loss_Event_Rate (Ctx : in out Context; Val : RFLX.DCCP.Loss_Rate_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate) + and then RFLX.DCCP.Valid_Loss_Rate_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate) + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Loss_Event_Rate, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Loss_Event_Rate) + and Get_Loss_Event_Rate (Ctx) = Val + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Loss_Event_Rate)) + and Invalid (Ctx, F_NDP_Count_Opt) + and Invalid (Ctx, F_Option_Feature) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Loss_Event_Rate) = Predecessor (Ctx, F_Loss_Event_Rate)'Old + and Valid_Next (Ctx, F_Loss_Event_Rate) = Valid_Next (Ctx, F_Loss_Event_Rate)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Loss_Event_Rate) = Field_First (Ctx, F_Loss_Event_Rate)'Old + and (for all F in Field range F_Option_Type .. F_Option_Length => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Option_Feature (Ctx : in out Context; Val : RFLX.DCCP.Option_Feature_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Feature) + and then RFLX.DCCP.Valid_Option_Feature_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Feature) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Feature) + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Feature, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Option_Feature) + and Get_Option_Feature (Ctx) = Val + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Feature)) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and (Predecessor (Ctx, F_Option_Value) = F_Option_Feature + and Valid_Next (Ctx, F_Option_Value)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Option_Feature) = Predecessor (Ctx, F_Option_Feature)'Old + and Valid_Next (Ctx, F_Option_Feature) = Valid_Next (Ctx, F_Option_Feature)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Option_Feature) = Field_First (Ctx, F_Option_Feature)'Old + and (for all F in Field range F_Option_Type .. F_NDP_Count_Opt => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Receive_Rate (Ctx : in out Context; Val : RFLX.DCCP.Receive_Rate_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Receive_Rate) + and then RFLX.DCCP.Valid_Receive_Rate_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Receive_Rate) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Receive_Rate) + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Receive_Rate, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Receive_Rate) + and Get_Receive_Rate (Ctx) = Val + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Receive_Rate)) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Receive_Rate) = Predecessor (Ctx, F_Receive_Rate)'Old + and Valid_Next (Ctx, F_Receive_Rate) = Valid_Next (Ctx, F_Receive_Rate)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Receive_Rate) = Field_First (Ctx, F_Receive_Rate)'Old + and (for all F in Field range F_Option_Type .. F_Option_Feature => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Timestamp_Echo_Opt (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Echo_Option_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt) + and then RFLX.DCCP.Valid_Timestamp_Echo_Option_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt) + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Timestamp_Echo_Opt, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Timestamp_Echo_Opt) + and Get_Timestamp_Echo_Opt (Ctx) = Val + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and (if + Get_Option_Length (Ctx) >= 8 + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Option_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + then + Predecessor (Ctx, F_Elapsed_Time_Opt) = F_Timestamp_Echo_Opt + and Valid_Next (Ctx, F_Elapsed_Time_Opt)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Timestamp_Echo_Opt) = Predecessor (Ctx, F_Timestamp_Echo_Opt)'Old + and Valid_Next (Ctx, F_Timestamp_Echo_Opt) = Valid_Next (Ctx, F_Timestamp_Echo_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Timestamp_Echo_Opt) = Field_First (Ctx, F_Timestamp_Echo_Opt)'Old + and (for all F in Field range F_Option_Type .. F_Receive_Rate => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Timestamp_Option (Ctx : in out Context; Val : RFLX.DCCP.Timestamp_Option_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Timestamp_Option) + and then RFLX.DCCP.Valid_Timestamp_Option_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Timestamp_Option) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Timestamp_Option) + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Timestamp_Option, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Timestamp_Option) + and Get_Timestamp_Option (Ctx) = Val + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Timestamp_Option)) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Timestamp_Option) = Predecessor (Ctx, F_Timestamp_Option)'Old + and Valid_Next (Ctx, F_Timestamp_Option) = Valid_Next (Ctx, F_Timestamp_Option)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Timestamp_Option) = Field_First (Ctx, F_Timestamp_Option)'Old + and (for all F in Field range F_Option_Type .. F_Timestamp_Echo_Opt => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + pragma Warnings (On, "aspect ""*"" not enforced on inlined subprogram ""*"""); + + procedure Initialize_NDP_Count_Opt (Ctx : in out Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_NDP_Count_Opt) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_NDP_Count_Opt)) + and Invalid (Ctx, F_Option_Feature) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old + and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old; + + procedure Initialize_Option_Value (Ctx : in out Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Option_Value) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Value)) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old + and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old + and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old; + + procedure Initialize_Elapsed_Time_Opt (Ctx : in out Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Elapsed_Time_Opt) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Elapsed_Time_Opt)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old + and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old; + + procedure Set_NDP_Count_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, Data'Length) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= Data'Length * RFLX_Types.Byte'Size + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, 0), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_NDP_Count_Opt) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_NDP_Count_Opt)) + and Invalid (Ctx, F_Option_Feature) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old + and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old + and Equal (Ctx, F_NDP_Count_Opt, Data); + + procedure Set_Option_Value (Ctx : in out Context; Data : RFLX_Types.Bytes) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Option_Value, Data'Length) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= Data'Length * RFLX_Types.Byte'Size + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Option_Value, 0), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Option_Value) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Value)) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old + and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old + and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old + and Equal (Ctx, F_Option_Value, Data); + + procedure Set_Elapsed_Time_Opt (Ctx : in out Context; Data : RFLX_Types.Bytes) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, Data'Length) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= Data'Length * RFLX_Types.Byte'Size + and then RFLX.DCCP.Option.Field_Condition (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, 0), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Elapsed_Time_Opt) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Elapsed_Time_Opt)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old + and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old + and Equal (Ctx, F_Elapsed_Time_Opt, Data); + + generic + with procedure Process_NDP_Count_Opt (NDP_Count_Opt : out RFLX_Types.Bytes); + with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; + procedure Generic_Set_NDP_Count_Opt (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_NDP_Count_Opt)) >= Length + and then Process_Data_Pre (Length), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_NDP_Count_Opt) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_NDP_Count_Opt)) + and Invalid (Ctx, F_Option_Feature) + and Invalid (Ctx, F_Receive_Rate) + and Invalid (Ctx, F_Timestamp_Echo_Opt) + and Invalid (Ctx, F_Timestamp_Option) + and Invalid (Ctx, F_Option_Value) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_NDP_Count_Opt) = Predecessor (Ctx, F_NDP_Count_Opt)'Old + and Valid_Next (Ctx, F_NDP_Count_Opt) = Valid_Next (Ctx, F_NDP_Count_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_NDP_Count_Opt) = Field_First (Ctx, F_NDP_Count_Opt)'Old; + + generic + with procedure Process_Option_Value (Option_Value : out RFLX_Types.Bytes); + with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; + procedure Generic_Set_Option_Value (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Option_Value) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Option_Value, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Option_Value)) >= Length + and then Process_Data_Pre (Length), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Option_Value) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Option_Value)) + and Invalid (Ctx, F_Elapsed_Time_Opt) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Option_Value) = Predecessor (Ctx, F_Option_Value)'Old + and Valid_Next (Ctx, F_Option_Value) = Valid_Next (Ctx, F_Option_Value)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Get_Option_Feature (Ctx) = Get_Option_Feature (Ctx)'Old + and Field_First (Ctx, F_Option_Value) = Field_First (Ctx, F_Option_Value)'Old; + + generic + with procedure Process_Elapsed_Time_Opt (Elapsed_Time_Opt : out RFLX_Types.Bytes); + with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; + procedure Generic_Set_Elapsed_Time_Opt (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Option.Has_Buffer (Ctx) + and then RFLX.DCCP.Option.Valid_Next (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) >= RFLX.DCCP.Option.Field_Size (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt) + and then RFLX.DCCP.Option.Valid_Length (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Option.Available_Space (Ctx, RFLX.DCCP.Option.F_Elapsed_Time_Opt)) >= Length + and then Process_Data_Pre (Length), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Elapsed_Time_Opt) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Elapsed_Time_Opt)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Elapsed_Time_Opt) = Predecessor (Ctx, F_Elapsed_Time_Opt)'Old + and Valid_Next (Ctx, F_Elapsed_Time_Opt) = Valid_Next (Ctx, F_Elapsed_Time_Opt)'Old + and Get_Option_Type (Ctx) = Get_Option_Type (Ctx)'Old + and Get_Option_Length (Ctx) = Get_Option_Length (Ctx)'Old + and Field_First (Ctx, F_Elapsed_Time_Opt) = Field_First (Ctx, F_Elapsed_Time_Opt)'Old; + + function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor with + Annotate => + (GNATprove, Inline_For_Proof), + Ghost; + + function Context_Cursors (Ctx : Context) return Field_Cursors with + Annotate => + (GNATprove, Inline_For_Proof), + Ghost; + + function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor with + Annotate => + (GNATprove, Inline_For_Proof), + Ghost; + +private + + type Cursor_State is (S_Valid, S_Well_Formed, S_Invalid, S_Incomplete); + + type Field_Cursor (State : Cursor_State := S_Invalid) is + record + Predecessor : Virtual_Field := F_Final; + case State is + when S_Valid | S_Well_Formed => + First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; + Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; + Value : RFLX_Types.Base_Integer := 0; + when S_Invalid | S_Incomplete => + null; + end case; + end record; + + type Field_Cursors is array (Virtual_Field) of Field_Cursor; + + function Well_Formed (Cursor : Field_Cursor) return Boolean is + (Cursor.State = S_Valid + or Cursor.State = S_Well_Formed); + + function Valid (Cursor : Field_Cursor) return Boolean is + (Cursor.State = S_Valid); + + function Invalid (Cursor : Field_Cursor) return Boolean is + (Cursor.State = S_Invalid + or Cursor.State = S_Incomplete); + + pragma Warnings (Off, """Buffer"" is not modified, could be of access constant type"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Context (Buffer_First, Buffer_Last : RFLX_Types.Index; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Verified_Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length; Buffer : RFLX_Types.Bytes_Ptr; Cursors : Field_Cursors) return Boolean is + ((if Buffer /= null then Buffer'First = Buffer_First and Buffer'Last = Buffer_Last) + and then (RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last < RFLX_Types.Bit_Index'Last + and First rem RFLX_Types.Byte'Size = 1 + and Last rem RFLX_Types.Byte'Size = 0) + and then First - 1 <= Verified_Last + and then First - 1 <= Written_Last + and then Verified_Last <= Written_Last + and then Written_Last <= Last + and then First rem RFLX_Types.Byte'Size = 1 + and then Last rem RFLX_Types.Byte'Size = 0 + and then Verified_Last rem RFLX_Types.Byte'Size = 0 + and then Written_Last rem RFLX_Types.Byte'Size = 0 + and then (for all F in Field => + (if + Well_Formed (Cursors (F)) + then + Cursors (F).First >= First + and Cursors (F).Last <= Verified_Last + and Cursors (F).First <= Cursors (F).Last + 1 + and Valid_Value (F, Cursors (F).Value))) + and then ((if + Well_Formed (Cursors (F_Option_Length)) + then + (Valid (Cursors (F_Option_Type)) + and then Cursors (F_Option_Length).Predecessor = F_Option_Type + and then (RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY))))) + and then (if + Well_Formed (Cursors (F_Loss_Event_Rate)) + then + (Valid (Cursors (F_Option_Length)) + and then Cursors (F_Loss_Event_Rate).Predecessor = F_Option_Length + and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)))) + and then (if + Well_Formed (Cursors (F_NDP_Count_Opt)) + then + (Valid (Cursors (F_Option_Length)) + and then Cursors (F_NDP_Count_Opt).Predecessor = F_Option_Length + and then (Cursors (F_Option_Length).Value >= 3 + and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT))))) + and then (if + Well_Formed (Cursors (F_Option_Feature)) + then + (Valid (Cursors (F_Option_Length)) + and then Cursors (F_Option_Feature).Predecessor = F_Option_Length + and then (RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) + or RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) + or RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R))))) + and then (if + Well_Formed (Cursors (F_Receive_Rate)) + then + (Valid (Cursors (F_Option_Length)) + and then Cursors (F_Receive_Rate).Predecessor = F_Option_Length + and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)))) + and then (if + Well_Formed (Cursors (F_Timestamp_Echo_Opt)) + then + (Valid (Cursors (F_Option_Length)) + and then Cursors (F_Timestamp_Echo_Opt).Predecessor = F_Option_Length + and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)))) + and then (if + Well_Formed (Cursors (F_Timestamp_Option)) + then + (Valid (Cursors (F_Option_Length)) + and then Cursors (F_Timestamp_Option).Predecessor = F_Option_Length + and then RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)))) + and then (if + Well_Formed (Cursors (F_Option_Value)) + then + (Valid (Cursors (F_Option_Feature)) + and then Cursors (F_Option_Value).Predecessor = F_Option_Feature)) + and then (if + Well_Formed (Cursors (F_Elapsed_Time_Opt)) + then + (Valid (Cursors (F_Option_Length)) + and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Option_Length + and then (Cursors (F_Option_Length).Value >= 4 + and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)))) + or (Valid (Cursors (F_Timestamp_Echo_Opt)) + and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Timestamp_Echo_Opt + and then (Cursors (F_Option_Length).Value >= 8 + and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)))))) + and then ((if Invalid (Cursors (F_Option_Type)) then Invalid (Cursors (F_Option_Length))) + and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Loss_Event_Rate))) + and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_NDP_Count_Opt))) + and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Option_Feature))) + and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Receive_Rate))) + and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Timestamp_Echo_Opt))) + and then (if Invalid (Cursors (F_Option_Length)) then Invalid (Cursors (F_Timestamp_Option))) + and then (if Invalid (Cursors (F_Option_Feature)) then Invalid (Cursors (F_Option_Value))) + and then (if + Invalid (Cursors (F_Option_Length)) + and then Invalid (Cursors (F_Timestamp_Echo_Opt)) + then + Invalid (Cursors (F_Elapsed_Time_Opt)))) + and then ((if + Well_Formed (Cursors (F_Option_Type)) + then + (Cursors (F_Option_Type).Last - Cursors (F_Option_Type).First + 1 = 8 + and then Cursors (F_Option_Type).Predecessor = F_Initial + and then Cursors (F_Option_Type).First = First)) + and then (if + Well_Formed (Cursors (F_Option_Length)) + then + (Cursors (F_Option_Length).Last - Cursors (F_Option_Length).First + 1 = 8 + and then Cursors (F_Option_Length).Predecessor = F_Option_Type + and then Cursors (F_Option_Length).First = Cursors (F_Option_Type).Last + 1)) + and then (if + Well_Formed (Cursors (F_Loss_Event_Rate)) + then + (Cursors (F_Loss_Event_Rate).Last - Cursors (F_Loss_Event_Rate).First + 1 = 32 + and then Cursors (F_Loss_Event_Rate).Predecessor = F_Option_Length + and then Cursors (F_Loss_Event_Rate).First = Cursors (F_Option_Length).Last + 1)) + and then (if + Well_Formed (Cursors (F_NDP_Count_Opt)) + then + (Cursors (F_NDP_Count_Opt).Last - Cursors (F_NDP_Count_Opt).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Option_Length).Value) * 8 - 16 + and then Cursors (F_NDP_Count_Opt).Predecessor = F_Option_Length + and then Cursors (F_NDP_Count_Opt).First = Cursors (F_Option_Length).Last + 1)) + and then (if + Well_Formed (Cursors (F_Option_Feature)) + then + (Cursors (F_Option_Feature).Last - Cursors (F_Option_Feature).First + 1 = 8 + and then Cursors (F_Option_Feature).Predecessor = F_Option_Length + and then Cursors (F_Option_Feature).First = Cursors (F_Option_Length).Last + 1)) + and then (if + Well_Formed (Cursors (F_Receive_Rate)) + then + (Cursors (F_Receive_Rate).Last - Cursors (F_Receive_Rate).First + 1 = 32 + and then Cursors (F_Receive_Rate).Predecessor = F_Option_Length + and then Cursors (F_Receive_Rate).First = Cursors (F_Option_Length).Last + 1)) + and then (if + Well_Formed (Cursors (F_Timestamp_Echo_Opt)) + then + (Cursors (F_Timestamp_Echo_Opt).Last - Cursors (F_Timestamp_Echo_Opt).First + 1 = 32 + and then Cursors (F_Timestamp_Echo_Opt).Predecessor = F_Option_Length + and then Cursors (F_Timestamp_Echo_Opt).First = Cursors (F_Option_Length).Last + 1)) + and then (if + Well_Formed (Cursors (F_Timestamp_Option)) + then + (Cursors (F_Timestamp_Option).Last - Cursors (F_Timestamp_Option).First + 1 = 32 + and then Cursors (F_Timestamp_Option).Predecessor = F_Option_Length + and then Cursors (F_Timestamp_Option).First = Cursors (F_Option_Length).Last + 1)) + and then (if + Well_Formed (Cursors (F_Option_Value)) + then + (Cursors (F_Option_Value).Last - Cursors (F_Option_Value).First + 1 = 8 + and then Cursors (F_Option_Value).Predecessor = F_Option_Feature + and then Cursors (F_Option_Value).First = Cursors (F_Option_Feature).Last + 1)) + and then (if + Well_Formed (Cursors (F_Elapsed_Time_Opt)) + then + (if + Well_Formed (Cursors (F_Option_Length)) + and then (Cursors (F_Option_Length).Value >= 4 + and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) + then + Cursors (F_Elapsed_Time_Opt).Last - Cursors (F_Elapsed_Time_Opt).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Option_Length).Value) * 8 - 16 + and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Option_Length + and then Cursors (F_Elapsed_Time_Opt).First = Cursors (F_Option_Length).Last + 1) + and then (if + Well_Formed (Cursors (F_Timestamp_Echo_Opt)) + and then (Cursors (F_Option_Length).Value >= 8 + and RFLX_Types.Base_Integer (Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO))) + then + Cursors (F_Elapsed_Time_Opt).Last - Cursors (F_Elapsed_Time_Opt).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Option_Length).Value) * 8 - 48 + and then Cursors (F_Elapsed_Time_Opt).Predecessor = F_Timestamp_Echo_Opt + and then Cursors (F_Elapsed_Time_Opt).First = Cursors (F_Timestamp_Echo_Opt).Last + 1)))) + with + Post => + True; + + pragma Warnings (On, """Buffer"" is not modified, could be of access constant type"); + + pragma Warnings (On, "postcondition does not mention function result"); + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is + record + Verified_Last : RFLX_Types.Bit_Length := First - 1; + Written_Last : RFLX_Types.Bit_Length := First - 1; + Buffer : RFLX_Types.Bytes_Ptr := null; + Cursors : Field_Cursors := (others => (State => S_Invalid, Predecessor => F_Final)); + end record with + Dynamic_Predicate => + Valid_Context (Context.Buffer_First, Context.Buffer_Last, Context.First, Context.Last, Context.Verified_Last, Context.Written_Last, Context.Buffer, Context.Cursors); + + function Initialized (Ctx : Context) return Boolean is + (Ctx.Verified_Last = Ctx.First - 1 + and then Valid_Next (Ctx, F_Option_Type) + and then RFLX.DCCP.Option.Field_First (Ctx, RFLX.DCCP.Option.F_Option_Type) rem RFLX_Types.Byte'Size = 1 + and then Available_Space (Ctx, F_Option_Type) = Ctx.Last - Ctx.First + 1 + and then (for all F in Field => + Invalid (Ctx, F))); + + function Has_Buffer (Ctx : Context) return Boolean is + (Ctx.Buffer /= null); + + function Buffer_Length (Ctx : Context) return RFLX_Types.Length is + (Ctx.Buffer'Length); + + function Size (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Verified_Last - Ctx.First + 1); + + function Byte_Size (Ctx : Context) return RFLX_Types.Length is + (RFLX_Types.To_Length (Size (Ctx))); + + function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Verified_Last); + + function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Written_Last); + + function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is + ((case Fld is + when F_Option_Type => + RFLX.DCCP.Valid_Opt_Type (Val), + when F_Option_Length => + RFLX.DCCP.Valid_Option_Length_Type (Val), + when F_Loss_Event_Rate => + RFLX.DCCP.Valid_Loss_Rate_Type (Val), + when F_NDP_Count_Opt => + True, + when F_Option_Feature => + RFLX.DCCP.Valid_Option_Feature_Type (Val), + when F_Receive_Rate => + RFLX.DCCP.Valid_Receive_Rate_Type (Val), + when F_Timestamp_Echo_Opt => + RFLX.DCCP.Valid_Timestamp_Echo_Option_Type (Val), + when F_Timestamp_Option => + RFLX.DCCP.Valid_Timestamp_Option_Type (Val), + when F_Option_Value | F_Elapsed_Time_Opt => + True)); + + function Path_Condition (Ctx : Context; Fld : Field) return Boolean is + ((case Ctx.Cursors (Fld).Predecessor is + when F_Initial | F_Loss_Event_Rate | F_NDP_Count_Opt | F_Option_Feature | F_Receive_Rate | F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt | F_Final => + True, + when F_Option_Type => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)), + when F_Option_Length => + (case Fld is + when F_Elapsed_Time_Opt => + Ctx.Cursors (F_Option_Length).Value >= 4 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME)), + when F_Loss_Event_Rate => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)), + when F_NDP_Count_Opt => + Ctx.Cursors (F_Option_Length).Value >= 3 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT)), + when F_Option_Feature => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)), + when F_Receive_Rate => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)), + when F_Timestamp_Echo_Opt => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)), + when F_Timestamp_Option => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)), + when others => + False), + when F_Timestamp_Echo_Opt => + Ctx.Cursors (F_Option_Length).Value >= 8 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)))); + + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is + ((case Fld is + when F_Option_Type => + (Val /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + and Val /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + and Val /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY))) + or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)), + when F_Option_Length => + (Val >= 4 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_LOSS_EVT_RATE)) + or (Val >= 3 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NDP_COUNT))) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CCID3_RCV_RATE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CHANGE_R)), + when F_Loss_Event_Rate | F_NDP_Count_Opt | F_Option_Feature | F_Receive_Rate => + True, + when F_Timestamp_Echo_Opt => + Ctx.Cursors (F_Option_Length).Value >= 8 + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO)), + when F_Timestamp_Option | F_Option_Value | F_Elapsed_Time_Opt => + True)); + + function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is + ((case Fld is + when F_Option_Type | F_Option_Length => + 8, + when F_Loss_Event_Rate => + 32, + when F_NDP_Count_Opt => + RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16, + when F_Option_Feature => + 8, + when F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => + 32, + when F_Option_Value => + 8, + when F_Elapsed_Time_Opt => + (if + Ctx.Cursors (Fld).Predecessor = F_Option_Length + and then (Ctx.Cursors (F_Option_Length).Value >= 4 + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.ELAPSED_TIME))) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 16 + elsif + Ctx.Cursors (Fld).Predecessor = F_Timestamp_Echo_Opt + and then (Ctx.Cursors (F_Option_Length).Value >= 8 + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.TIMESTAMP_ECHO))) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Option_Length).Value) * 8 - 48 + else + RFLX_Types.Unreachable))); + + function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index is + ((if Fld = F_Option_Type then Ctx.First else Ctx.Cursors (Ctx.Cursors (Fld).Predecessor).Last + 1)); + + function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is + (Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1); + + function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field is + ((case Fld is + when F_Initial => + F_Initial, + when others => + Ctx.Cursors (Fld).Predecessor)); + + function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean is + ((case Fld is + when F_Initial => + True, + when F_Option_Type => + Ctx.Cursors (Fld).Predecessor = F_Initial, + when F_Option_Length => + (Valid (Ctx.Cursors (F_Option_Type)) + and Ctx.Cursors (Fld).Predecessor = F_Option_Type), + when F_Loss_Event_Rate | F_NDP_Count_Opt | F_Option_Feature | F_Receive_Rate | F_Timestamp_Echo_Opt | F_Timestamp_Option => + (Valid (Ctx.Cursors (F_Option_Length)) + and Ctx.Cursors (Fld).Predecessor = F_Option_Length), + when F_Option_Value => + (Valid (Ctx.Cursors (F_Option_Feature)) + and Ctx.Cursors (Fld).Predecessor = F_Option_Feature), + when F_Elapsed_Time_Opt => + (Valid (Ctx.Cursors (F_Option_Length)) + and Ctx.Cursors (Fld).Predecessor = F_Option_Length) + or (Valid (Ctx.Cursors (F_Timestamp_Echo_Opt)) + and Ctx.Cursors (Fld).Predecessor = F_Timestamp_Echo_Opt), + when F_Final => + (Well_Formed (Ctx.Cursors (F_Elapsed_Time_Opt)) + and Ctx.Cursors (Fld).Predecessor = F_Elapsed_Time_Opt) + or (Valid (Ctx.Cursors (F_Loss_Event_Rate)) + and Ctx.Cursors (Fld).Predecessor = F_Loss_Event_Rate) + or (Well_Formed (Ctx.Cursors (F_NDP_Count_Opt)) + and Ctx.Cursors (Fld).Predecessor = F_NDP_Count_Opt) + or (Valid (Ctx.Cursors (F_Option_Feature)) + and Ctx.Cursors (Fld).Predecessor = F_Option_Feature) + or (Valid (Ctx.Cursors (F_Option_Type)) + and Ctx.Cursors (Fld).Predecessor = F_Option_Type) + or (Well_Formed (Ctx.Cursors (F_Option_Value)) + and Ctx.Cursors (Fld).Predecessor = F_Option_Value) + or (Valid (Ctx.Cursors (F_Receive_Rate)) + and Ctx.Cursors (Fld).Predecessor = F_Receive_Rate) + or (Valid (Ctx.Cursors (F_Timestamp_Option)) + and Ctx.Cursors (Fld).Predecessor = F_Timestamp_Option))); + + function Valid_Next (Ctx : Context; Fld : Field) return Boolean is + (Valid_Predecessor (Ctx, Fld) + and then Path_Condition (Ctx, Fld)); + + function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is + (Ctx.Last - Field_First (Ctx, Fld) + 1); + + function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean is + (Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld)); + + function Present (Ctx : Context; Fld : Field) return Boolean is + (Well_Formed (Ctx.Cursors (Fld)) + and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); + + function Well_Formed (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Valid + or Ctx.Cursors (Fld).State = S_Well_Formed); + + function Valid (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Valid + and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); + + function Incomplete (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Incomplete); + + function Invalid (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Invalid + or Ctx.Cursors (Fld).State = S_Incomplete); + + function Well_Formed_Message (Ctx : Context) return Boolean is + (Well_Formed (Ctx, F_Elapsed_Time_Opt) + or Valid (Ctx, F_Loss_Event_Rate) + or Well_Formed (Ctx, F_NDP_Count_Opt) + or (Valid (Ctx, F_Option_Feature) + and then ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R))) + and (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Feature).Value) < RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.FEATURE_RESERVED)) + or Ctx.Cursors (F_Option_Feature).Value > 255))) + or (Valid (Ctx, F_Option_Type) + and then (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)))) + or Well_Formed (Ctx, F_Option_Value) + or Valid (Ctx, F_Receive_Rate) + or Valid (Ctx, F_Timestamp_Option)); + + function Valid_Message (Ctx : Context) return Boolean is + (Valid (Ctx, F_Elapsed_Time_Opt) + or Valid (Ctx, F_Loss_Event_Rate) + or Valid (Ctx, F_NDP_Count_Opt) + or (Valid (Ctx, F_Option_Feature) + and then ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_L)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.CONFIRM_R))) + and (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Feature).Value) < RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.FEATURE_RESERVED)) + or Ctx.Cursors (F_Option_Feature).Value > 255))) + or (Valid (Ctx, F_Option_Type) + and then (RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.SLOW_RECEIVER)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.PADDING)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Option_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.MANDATORY)))) + or Valid (Ctx, F_Option_Value) + or Valid (Ctx, F_Receive_Rate) + or Valid (Ctx, F_Timestamp_Option)); + + function Incomplete_Message (Ctx : Context) return Boolean is + ((for some F in Field => + Incomplete (Ctx, F))); + + function Get_Option_Type (Ctx : Context) return RFLX.DCCP.Opt_Type is + (To_Actual (Ctx.Cursors (F_Option_Type).Value)); + + function Get_Option_Length (Ctx : Context) return RFLX.DCCP.Option_Length_Type is + (To_Actual (Ctx.Cursors (F_Option_Length).Value)); + + function Get_Loss_Event_Rate (Ctx : Context) return RFLX.DCCP.Loss_Rate_Type is + (To_Actual (Ctx.Cursors (F_Loss_Event_Rate).Value)); + + function Get_Option_Feature (Ctx : Context) return RFLX.DCCP.Option_Feature_Type is + (To_Actual (Ctx.Cursors (F_Option_Feature).Value)); + + function Get_Receive_Rate (Ctx : Context) return RFLX.DCCP.Receive_Rate_Type is + (To_Actual (Ctx.Cursors (F_Receive_Rate).Value)); + + function Get_Timestamp_Echo_Opt (Ctx : Context) return RFLX.DCCP.Timestamp_Echo_Option_Type is + (To_Actual (Ctx.Cursors (F_Timestamp_Echo_Opt).Value)); + + function Get_Timestamp_Option (Ctx : Context) return RFLX.DCCP.Timestamp_Option_Type is + (To_Actual (Ctx.Cursors (F_Timestamp_Option).Value)); + + function Valid_Size (Ctx : Context; Fld : Field; Size : RFLX_Types.Bit_Length) return Boolean is + (Size = Field_Size (Ctx, Fld)) + with + Pre => + RFLX.DCCP.Option.Valid_Next (Ctx, Fld); + + function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean is + (Valid_Size (Ctx, Fld, RFLX_Types.To_Bit_Length (Length))); + + function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor is + (Ctx.Cursors (Fld)); + + function Context_Cursors (Ctx : Context) return Field_Cursors is + (Ctx.Cursors); + + function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor is + (Cursors (Fld)); + +end RFLX.DCCP.Option; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-options.ads b/examples/apps/dccp/rflx/generated/rflx-dccp-options.ads new file mode 100644 index 000000000..6d71fc472 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-dccp-options.ads @@ -0,0 +1,10 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma Warnings (Off, "redundant conversion"); +pragma SPARK_Mode; +with RFLX.RFLX_Message_Sequence; +with RFLX.DCCP.Option; +pragma Warnings (Off, "unit ""*RFLX_Types"" is not referenced"); +with RFLX.RFLX_Types; +pragma Warnings (On, "unit ""*RFLX_Types"" is not referenced"); + +package RFLX.DCCP.Options is new RFLX.RFLX_Message_Sequence (RFLX.DCCP.Option.Context, RFLX.DCCP.Option.Initialize, RFLX.DCCP.Option.Take_Buffer, RFLX.DCCP.Option.Copy, RFLX.DCCP.Option.Has_Buffer, RFLX.DCCP.Option.Size, RFLX.DCCP.Option.Message_Last, RFLX.DCCP.Option.Initialized, RFLX.DCCP.Option.Well_Formed_Message); diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-packet.adb b/examples/apps/dccp/rflx/generated/rflx-dccp-packet.adb new file mode 100644 index 000000000..aa3cc35c8 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-dccp-packet.adb @@ -0,0 +1,1362 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma Warnings (Off, "redundant conversion"); +with RFLX.RFLX_Types.Operations; + +package body RFLX.DCCP.Packet with + SPARK_Mode +is + + pragma Unevaluated_Use_Of_Old (Allow); + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) is + begin + Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last), Written_Last); + end Initialize; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) is + Buffer_First : constant RFLX_Types.Index := Buffer'First; + Buffer_Last : constant RFLX_Types.Index := Buffer'Last; + begin + Ctx := (Buffer_First, Buffer_Last, First, Last, First - 1, (if Written_Last = 0 then First - 1 else Written_Last), Buffer, (F_Source_Port => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); + Buffer := null; + end Initialize; + + procedure Reset (Ctx : in out Context) is + begin + Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer'First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer'Last)); + end Reset; + + procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) is + begin + Ctx := (Ctx.Buffer_First, Ctx.Buffer_Last, First, Last, First - 1, First - 1, Ctx.Buffer, (F_Source_Port => (State => S_Invalid, Predecessor => F_Initial), others => (State => S_Invalid, Predecessor => F_Final))); + end Reset; + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is + begin + Buffer := Ctx.Buffer; + Ctx.Buffer := null; + end Take_Buffer; + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is + begin + if Buffer'Length > 0 then + Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); + else + Buffer := Ctx.Buffer.all (1 .. 0); + end if; + end Copy; + + function Read (Ctx : Context) return RFLX_Types.Bytes is + (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); + + procedure Generic_Read (Ctx : Context) is + begin + Read (Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last))); + end Generic_Read; + + procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) is + Length : RFLX_Types.Length; + begin + Reset (Ctx, RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First), RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last)); + Write (Ctx.Buffer.all (Ctx.Buffer'First + RFLX_Types.Index (Offset + 1) - 1 .. Ctx.Buffer'Last), Length, Ctx.Buffer'Length, Offset); + pragma Assert (Length <= Ctx.Buffer.all'Length, "Length <= Buffer'Length is not ensured by postcondition of ""Write"""); + Ctx.Written_Last := RFLX_Types.Bit_Index'Max (Ctx.Written_Last, RFLX_Types.To_Last_Bit_Index (RFLX_Types.Length (Ctx.Buffer_First) + Offset + Length - 1)); + end Generic_Write; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is + begin + Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Verified_Last)); + end Data; + + pragma Warnings (Off, "precondition is always False"); + + function Successor (Ctx : Context; Fld : Field) return Virtual_Field is + ((case Fld is + when F_Source_Port => + F_Destination_Port, + when F_Destination_Port => + F_Data_Offset, + when F_Data_Offset => + F_CCVal, + when F_CCVal => + F_CsCov, + when F_CsCov => + F_Checksum, + when F_Checksum => + F_Res_3, + when F_Res_3 => + F_Packet_Type, + when F_Packet_Type => + F_X, + when F_X => + (if + RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) + then + F_Res_8 + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) + then + F_Sequence_Number_Short + else + F_Initial), + when F_Res_8 => + F_Sequence_Number_Long, + when F_Sequence_Number_Short => + (if + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + F_Ack_Reserved_Short + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Data + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Options + else + F_Initial), + when F_Sequence_Number_Long => + (if + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + F_Ack_Reserved_Long + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Data + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Options + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + F_Service_Code + else + F_Initial), + when F_Ack_Reserved_Short => + F_Ack_Number_Short, + when F_Ack_Reserved_Long => + F_Ack_Number_Long, + when F_Ack_Number_Short => + (if + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Data + elsif + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Options + else + F_Initial), + when F_Ack_Number_Long => + (if + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Data + elsif + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Options + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) + then + F_Reset_Code + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) + then + F_Service_Code + else + F_Initial), + when F_Reset_Code => + F_Data_1, + when F_Service_Code => + (if + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Data + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Options + else + F_Initial), + when F_Data_1 => + F_Data_2, + when F_Data_2 => + F_Data_3, + when F_Data_3 => + (if + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Data + elsif + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + F_Options + else + F_Initial), + when F_Options => + F_Data, + when F_Data => + F_Final)) + with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and RFLX.DCCP.Packet.Well_Formed (Ctx, Fld) + and RFLX.DCCP.Packet.Valid_Predecessor (Ctx, Fld); + + pragma Warnings (On, "precondition is always False"); + + function Invalid_Successor (Ctx : Context; Fld : Field) return Boolean is + ((case Fld is + when F_Source_Port => + Invalid (Ctx.Cursors (F_Destination_Port)), + when F_Destination_Port => + Invalid (Ctx.Cursors (F_Data_Offset)), + when F_Data_Offset => + Invalid (Ctx.Cursors (F_CCVal)), + when F_CCVal => + Invalid (Ctx.Cursors (F_CsCov)), + when F_CsCov => + Invalid (Ctx.Cursors (F_Checksum)), + when F_Checksum => + Invalid (Ctx.Cursors (F_Res_3)), + when F_Res_3 => + Invalid (Ctx.Cursors (F_Packet_Type)), + when F_Packet_Type => + Invalid (Ctx.Cursors (F_X)), + when F_X => + Invalid (Ctx.Cursors (F_Res_8)) + and Invalid (Ctx.Cursors (F_Sequence_Number_Short)), + when F_Res_8 => + Invalid (Ctx.Cursors (F_Sequence_Number_Long)), + when F_Sequence_Number_Short => + Invalid (Ctx.Cursors (F_Ack_Reserved_Short)) + and Invalid (Ctx.Cursors (F_Data)) + and Invalid (Ctx.Cursors (F_Options)), + when F_Sequence_Number_Long => + Invalid (Ctx.Cursors (F_Ack_Reserved_Long)) + and Invalid (Ctx.Cursors (F_Data)) + and Invalid (Ctx.Cursors (F_Options)) + and Invalid (Ctx.Cursors (F_Service_Code)), + when F_Ack_Reserved_Short => + Invalid (Ctx.Cursors (F_Ack_Number_Short)), + when F_Ack_Reserved_Long => + Invalid (Ctx.Cursors (F_Ack_Number_Long)), + when F_Ack_Number_Short => + Invalid (Ctx.Cursors (F_Data)) + and Invalid (Ctx.Cursors (F_Options)), + when F_Ack_Number_Long => + Invalid (Ctx.Cursors (F_Data)) + and Invalid (Ctx.Cursors (F_Options)) + and Invalid (Ctx.Cursors (F_Reset_Code)) + and Invalid (Ctx.Cursors (F_Service_Code)), + when F_Reset_Code => + Invalid (Ctx.Cursors (F_Data_1)), + when F_Service_Code => + Invalid (Ctx.Cursors (F_Data)) + and Invalid (Ctx.Cursors (F_Options)), + when F_Data_1 => + Invalid (Ctx.Cursors (F_Data_2)), + when F_Data_2 => + Invalid (Ctx.Cursors (F_Data_3)), + when F_Data_3 => + Invalid (Ctx.Cursors (F_Data)) + and Invalid (Ctx.Cursors (F_Options)), + when F_Options => + Invalid (Ctx.Cursors (F_Data)), + when F_Data => + True)); + + function Sufficient_Buffer_Length (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Buffer /= null + and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) < RFLX_Types.Bit_Length'Last + and Ctx.First <= Field_First (Ctx, Fld) + and Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1 <= Ctx.Written_Last) + with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); + + function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean is + (Sufficient_Buffer_Length (Ctx, Fld) + and then (case Fld is + when F_Options | F_Data => + Data'Length = RFLX_Types.To_Index (Field_Last (Ctx, Fld)) - RFLX_Types.To_Index (Field_First (Ctx, Fld)) + 1 + and then (for all I in RFLX_Types.Index range RFLX_Types.To_Index (Field_First (Ctx, Fld)) .. RFLX_Types.To_Index (Field_Last (Ctx, Fld)) => + Ctx.Buffer.all (I) = Data (Data'First + (I - RFLX_Types.To_Index (Field_First (Ctx, Fld))))), + when others => + False)); + + procedure Reset_Dependent_Fields (Ctx : in out Context; Fld : Field) with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), + Post => + Valid_Next (Ctx, Fld) + and Invalid (Ctx.Cursors (Fld)) + and Invalid_Successor (Ctx, Fld) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Ctx.Cursors (Fld).Predecessor = Ctx.Cursors (Fld).Predecessor'Old + and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old + and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old + and Field_Size (Ctx, Fld) = Field_Size (Ctx, Fld)'Old + and (for all F in Field => + (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F) else Invalid (Ctx, F))) + is + First : constant RFLX_Types.Bit_Length := Field_First (Ctx, Fld) with + Ghost; + Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld) with + Ghost; + begin + pragma Assert (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + for Fld_Loop in reverse Field'Succ (Fld) .. Field'Last loop + Ctx.Cursors (Fld_Loop) := (S_Invalid, F_Final); + pragma Loop_Invariant (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + pragma Loop_Invariant ((for all F in Field => + (if F < Fld_Loop then Ctx.Cursors (F) = Ctx.Cursors'Loop_Entry (F) else Invalid (Ctx, F)))); + end loop; + pragma Assert (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + Ctx.Cursors (Fld) := (S_Invalid, Ctx.Cursors (Fld).Predecessor); + pragma Assert (Field_First (Ctx, Fld) = First + and Field_Size (Ctx, Fld) = Size); + end Reset_Dependent_Fields; + + function Composite_Field (Fld : Field) return Boolean is + (Fld in F_Options | F_Data); + + function Get (Ctx : Context; Fld : Field) return RFLX_Types.Base_Integer with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Packet.Sufficient_Buffer_Length (Ctx, Fld) + and then not RFLX.DCCP.Packet.Composite_Field (Fld) + is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, Fld); + Last : constant RFLX_Types.Bit_Index := Field_Last (Ctx, Fld); + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); + Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Last); + Offset : constant RFLX_Types.Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); + Size : constant Positive := (case Fld is + when F_Source_Port | F_Destination_Port => + 16, + when F_Data_Offset => + 8, + when F_CCVal | F_CsCov => + 4, + when F_Checksum => + 16, + when F_Res_3 => + 3, + when F_Packet_Type => + 4, + when F_X => + 1, + when F_Res_8 => + 8, + when F_Sequence_Number_Short => + 24, + when F_Sequence_Number_Long => + 48, + when F_Ack_Reserved_Short => + 8, + when F_Ack_Reserved_Long => + 16, + when F_Ack_Number_Short => + 24, + when F_Ack_Number_Long => + 48, + when F_Reset_Code => + 8, + when F_Service_Code => + 32, + when F_Data_1 | F_Data_2 | F_Data_3 => + 8, + when others => + Positive'Last); + Byte_Order : constant RFLX_Types.Byte_Order := RFLX_Types.High_Order_First; + begin + return RFLX_Types.Operations.Extract (Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Size, Byte_Order); + end Get; + + procedure Verify (Ctx : in out Context; Fld : Field) is + Value : RFLX_Types.Base_Integer; + begin + if + Invalid (Ctx.Cursors (Fld)) + and then Valid_Predecessor (Ctx, Fld) + and then Path_Condition (Ctx, Fld) + then + if Sufficient_Buffer_Length (Ctx, Fld) then + Value := (if Composite_Field (Fld) then 0 else Get (Ctx, Fld)); + if + Valid_Value (Fld, Value) + and then Field_Condition (Ctx, Fld, Value) + then + pragma Assert ((if Fld = F_Data then Field_Last (Ctx, Fld) mod RFLX_Types.Byte'Size = 0)); + pragma Assert ((((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); + Ctx.Verified_Last := ((Field_Last (Ctx, Fld) + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size; + pragma Assert (Field_Last (Ctx, Fld) <= Ctx.Verified_Last); + if Composite_Field (Fld) then + Ctx.Cursors (Fld) := (State => S_Well_Formed, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); + else + Ctx.Cursors (Fld) := (State => S_Valid, First => Field_First (Ctx, Fld), Last => Field_Last (Ctx, Fld), Value => Value, Predecessor => Ctx.Cursors (Fld).Predecessor); + end if; + Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); + else + Ctx.Cursors (Fld) := (State => S_Invalid, Predecessor => F_Final); + end if; + else + Ctx.Cursors (Fld) := (State => S_Incomplete, Predecessor => F_Final); + end if; + end if; + end Verify; + + procedure Verify_Message (Ctx : in out Context) is + begin + for F in Field loop + pragma Loop_Invariant (Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Loop_Entry + and Ctx.Buffer_Last = Ctx.Buffer_Last'Loop_Entry + and Ctx.First = Ctx.First'Loop_Entry + and Ctx.Last = Ctx.Last'Loop_Entry); + Verify (Ctx, F); + end loop; + end Verify_Message; + + function Get_Data (Ctx : Context) return RFLX_Types.Bytes is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).Last); + begin + return Ctx.Buffer.all (First .. Last); + end Get_Data; + + procedure Get_Data (Ctx : Context; Data : out RFLX_Types.Bytes) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).Last); + begin + Data := (others => RFLX_Types.Byte'First); + Data (Data'First .. Data'First + (Last - First)) := Ctx.Buffer.all (First .. Last); + end Get_Data; + + procedure Generic_Get_Data (Ctx : Context) is + First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).First); + Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Cursors (F_Data).Last); + begin + Process_Data (Ctx.Buffer.all (First .. Last)); + end Generic_Get_Data; + + procedure Set (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer; Size : RFLX_Types.Bit_Length; State_Valid : Boolean; Buffer_First : out RFLX_Types.Index; Buffer_Last : out RFLX_Types.Index; Offset : out RFLX_Types.Offset) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Packet.Valid_Value (Fld, Val) + and then RFLX.DCCP.Packet.Valid_Size (Ctx, Fld, Size) + and then Size <= RFLX.DCCP.Packet.Available_Space (Ctx, Fld) + and then (if RFLX.DCCP.Packet.Composite_Field (Fld) then Size mod RFLX_Types.Byte'Size = 0 else State_Valid), + Post => + Valid_Next (Ctx, Fld) + and then Invalid_Successor (Ctx, Fld) + and then Buffer_First = RFLX_Types.To_Index (Field_First (Ctx, Fld)) + and then Buffer_Last = RFLX_Types.To_Index (Field_First (Ctx, Fld) + Size - 1) + and then Offset = RFLX_Types.Offset ((RFLX_Types.Byte'Size - (Field_First (Ctx, Fld) + Size - 1) mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size) + and then Ctx.Buffer_First = Ctx.Buffer_First'Old + and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and then Ctx.First = Ctx.First'Old + and then Ctx.Last = Ctx.Last'Old + and then Ctx.Buffer_First = Ctx.Buffer_First'Old + and then Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and then Ctx.First = Ctx.First'Old + and then Ctx.Last = Ctx.Last'Old + and then Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old + and then Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old + and then Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old + and then Sufficient_Space (Ctx, Fld) + and then (if State_Valid and Size > 0 then Valid (Ctx, Fld) else Well_Formed (Ctx, Fld)) + and then (case Fld is + when F_Source_Port => + Get_Source_Port (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Destination_Port) = F_Source_Port + and Valid_Next (Ctx, F_Destination_Port)), + when F_Destination_Port => + Get_Destination_Port (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_Offset) = F_Destination_Port + and Valid_Next (Ctx, F_Data_Offset)), + when F_Data_Offset => + Get_Data_Offset (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_CCVal) = F_Data_Offset + and Valid_Next (Ctx, F_CCVal)), + when F_CCVal => + Get_CCVal (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_CsCov) = F_CCVal + and Valid_Next (Ctx, F_CsCov)), + when F_CsCov => + Get_CsCov (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Checksum) = F_CsCov + and Valid_Next (Ctx, F_Checksum)), + when F_Checksum => + Get_Checksum (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Res_3) = F_Checksum + and Valid_Next (Ctx, F_Res_3)), + when F_Res_3 => + Get_Res_3 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Packet_Type) = F_Res_3 + and Valid_Next (Ctx, F_Packet_Type)), + when F_Packet_Type => + Get_Packet_Type (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_X) = F_Packet_Type + and Valid_Next (Ctx, F_X)), + when F_X => + Get_X (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) + then + Predecessor (Ctx, F_Res_8) = F_X + and Valid_Next (Ctx, F_Res_8)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) + then + Predecessor (Ctx, F_Sequence_Number_Short) = F_X + and Valid_Next (Ctx, F_Sequence_Number_Short)), + when F_Res_8 => + Get_Res_8 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Sequence_Number_Long) = F_Res_8 + and Valid_Next (Ctx, F_Sequence_Number_Long)), + when F_Sequence_Number_Short => + Get_Sequence_Number_Short (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Ack_Reserved_Short) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Ack_Reserved_Short)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Options)), + when F_Sequence_Number_Long => + Get_Sequence_Number_Long (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Ack_Reserved_Long) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Ack_Reserved_Long)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Options)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Service_Code) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Service_Code)), + when F_Ack_Reserved_Short => + Get_Ack_Reserved_Short (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Ack_Number_Short) = F_Ack_Reserved_Short + and Valid_Next (Ctx, F_Ack_Number_Short)), + when F_Ack_Reserved_Long => + Get_Ack_Reserved_Long (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Ack_Number_Long) = F_Ack_Reserved_Long + and Valid_Next (Ctx, F_Ack_Number_Long)), + when F_Ack_Number_Short => + Get_Ack_Number_Short (Ctx) = To_Actual (Val) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Ack_Number_Short + and Valid_Next (Ctx, F_Data)) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Ack_Number_Short + and Valid_Next (Ctx, F_Options)), + when F_Ack_Number_Long => + Get_Ack_Number_Long (Ctx) = To_Actual (Val) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Data)) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Options)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) + then + Predecessor (Ctx, F_Reset_Code) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Reset_Code)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) + then + Predecessor (Ctx, F_Service_Code) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Service_Code)), + when F_Reset_Code => + Get_Reset_Code (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_1) = F_Reset_Code + and Valid_Next (Ctx, F_Data_1)), + when F_Service_Code => + Get_Service_Code (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Service_Code + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Service_Code + and Valid_Next (Ctx, F_Options)), + when F_Data_1 => + Get_Data_1 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_2) = F_Data_1 + and Valid_Next (Ctx, F_Data_2)), + when F_Data_2 => + Get_Data_2 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_3) = F_Data_2 + and Valid_Next (Ctx, F_Data_3)), + when F_Data_3 => + Get_Data_3 (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Data_3 + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Data_3 + and Valid_Next (Ctx, F_Options)), + when F_Options => + (Predecessor (Ctx, F_Data) = F_Options + and Valid_Next (Ctx, F_Data)), + when F_Data => + (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) + and then (for all F in Field => + (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) + is + First : RFLX_Types.Bit_Index; + Last : RFLX_Types.Bit_Length; + begin + Reset_Dependent_Fields (Ctx, Fld); + First := Field_First (Ctx, Fld); + Last := Field_First (Ctx, Fld) + Size - 1; + Offset := RFLX_Types.Offset ((RFLX_Types.Byte'Size - Last mod RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size); + Buffer_First := RFLX_Types.To_Index (First); + Buffer_Last := RFLX_Types.To_Index (Last); + pragma Assert ((((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size) mod RFLX_Types.Byte'Size = 0); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size, Written_Last => ((Last + RFLX_Types.Byte'Size - 1) / RFLX_Types.Byte'Size) * RFLX_Types.Byte'Size); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + pragma Assert (Size = (case Fld is + when F_Source_Port | F_Destination_Port => + 16, + when F_Data_Offset => + 8, + when F_CCVal | F_CsCov => + 4, + when F_Checksum => + 16, + when F_Res_3 => + 3, + when F_Packet_Type => + 4, + when F_X => + 1, + when F_Res_8 => + 8, + when F_Sequence_Number_Short => + 24, + when F_Sequence_Number_Long => + 48, + when F_Ack_Reserved_Short => + 8, + when F_Ack_Reserved_Long => + 16, + when F_Ack_Number_Short => + 24, + when F_Ack_Number_Long => + 48, + when F_Reset_Code => + 8, + when F_Service_Code => + 32, + when F_Data_1 | F_Data_2 | F_Data_3 => + 8, + when F_Options => + (if + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Data_3 + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Service_Code + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + else + RFLX_Types.Unreachable), + when F_Data => + (if + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Data_3 + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Options + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Options).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Service_Code + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) + else + RFLX_Types.Unreachable))); + if State_Valid then + Ctx.Cursors (Fld) := (State => S_Valid, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); + else + Ctx.Cursors (Fld) := (State => S_Well_Formed, First => First, Last => Last, Value => Val, Predecessor => Ctx.Cursors (Fld).Predecessor); + end if; + Ctx.Cursors (Successor (Ctx, Fld)) := (State => S_Invalid, Predecessor => Fld); + pragma Assert (Last = (Field_First (Ctx, Fld) + Size) - 1); + end Set; + + procedure Set_Scalar (Ctx : in out Context; Fld : Field; Val : RFLX_Types.Base_Integer) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) + and then Fld in F_Source_Port | F_Destination_Port | F_Data_Offset | F_CCVal | F_CsCov | F_Checksum | F_Res_3 | F_Packet_Type | F_X | F_Res_8 | F_Sequence_Number_Short | F_Sequence_Number_Long | F_Ack_Reserved_Short | F_Ack_Reserved_Long | F_Ack_Number_Short | F_Ack_Number_Long | F_Reset_Code | F_Service_Code | F_Data_1 | F_Data_2 | F_Data_3 + and then RFLX.DCCP.Packet.Valid_Value (Fld, Val) + and then RFLX.DCCP.Packet.Valid_Size (Ctx, Fld, RFLX.DCCP.Packet.Field_Size (Ctx, Fld)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, Fld) >= RFLX.DCCP.Packet.Field_Size (Ctx, Fld) + and then RFLX.DCCP.Packet.Field_Size (Ctx, Fld) in 1 .. RFLX_Types.Base_Integer'Size + and then RFLX_Types.Fits_Into (Val, Natural (RFLX.DCCP.Packet.Field_Size (Ctx, Fld))), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, Fld) + and Invalid_Successor (Ctx, Fld) + and (case Fld is + when F_Source_Port => + Get_Source_Port (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Destination_Port) = F_Source_Port + and Valid_Next (Ctx, F_Destination_Port)), + when F_Destination_Port => + Get_Destination_Port (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_Offset) = F_Destination_Port + and Valid_Next (Ctx, F_Data_Offset)), + when F_Data_Offset => + Get_Data_Offset (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_CCVal) = F_Data_Offset + and Valid_Next (Ctx, F_CCVal)), + when F_CCVal => + Get_CCVal (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_CsCov) = F_CCVal + and Valid_Next (Ctx, F_CsCov)), + when F_CsCov => + Get_CsCov (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Checksum) = F_CsCov + and Valid_Next (Ctx, F_Checksum)), + when F_Checksum => + Get_Checksum (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Res_3) = F_Checksum + and Valid_Next (Ctx, F_Res_3)), + when F_Res_3 => + Get_Res_3 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Packet_Type) = F_Res_3 + and Valid_Next (Ctx, F_Packet_Type)), + when F_Packet_Type => + Get_Packet_Type (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_X) = F_Packet_Type + and Valid_Next (Ctx, F_X)), + when F_X => + Get_X (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) + then + Predecessor (Ctx, F_Res_8) = F_X + and Valid_Next (Ctx, F_Res_8)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) + then + Predecessor (Ctx, F_Sequence_Number_Short) = F_X + and Valid_Next (Ctx, F_Sequence_Number_Short)), + when F_Res_8 => + Get_Res_8 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Sequence_Number_Long) = F_Res_8 + and Valid_Next (Ctx, F_Sequence_Number_Long)), + when F_Sequence_Number_Short => + Get_Sequence_Number_Short (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Ack_Reserved_Short) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Ack_Reserved_Short)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Options)), + when F_Sequence_Number_Long => + Get_Sequence_Number_Long (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Ack_Reserved_Long) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Ack_Reserved_Long)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Options)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Service_Code) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Service_Code)), + when F_Ack_Reserved_Short => + Get_Ack_Reserved_Short (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Ack_Number_Short) = F_Ack_Reserved_Short + and Valid_Next (Ctx, F_Ack_Number_Short)), + when F_Ack_Reserved_Long => + Get_Ack_Reserved_Long (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Ack_Number_Long) = F_Ack_Reserved_Long + and Valid_Next (Ctx, F_Ack_Number_Long)), + when F_Ack_Number_Short => + Get_Ack_Number_Short (Ctx) = To_Actual (Val) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Ack_Number_Short + and Valid_Next (Ctx, F_Data)) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Ack_Number_Short + and Valid_Next (Ctx, F_Options)), + when F_Ack_Number_Long => + Get_Ack_Number_Long (Ctx) = To_Actual (Val) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Data)) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Options)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) + then + Predecessor (Ctx, F_Reset_Code) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Reset_Code)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) + then + Predecessor (Ctx, F_Service_Code) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Service_Code)), + when F_Reset_Code => + Get_Reset_Code (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_1) = F_Reset_Code + and Valid_Next (Ctx, F_Data_1)), + when F_Service_Code => + Get_Service_Code (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Service_Code + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Service_Code + and Valid_Next (Ctx, F_Options)), + when F_Data_1 => + Get_Data_1 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_2) = F_Data_1 + and Valid_Next (Ctx, F_Data_2)), + when F_Data_2 => + Get_Data_2 (Ctx) = To_Actual (Val) + and (Predecessor (Ctx, F_Data_3) = F_Data_2 + and Valid_Next (Ctx, F_Data_3)), + when F_Data_3 => + Get_Data_3 (Ctx) = To_Actual (Val) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Data_3 + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Data_3 + and Valid_Next (Ctx, F_Options)), + when F_Options => + (Predecessor (Ctx, F_Data) = F_Options + and Valid_Next (Ctx, F_Data)), + when F_Data => + (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, Fld))) + and (for all F in Field => + (if F < Fld then Ctx.Cursors (F) = Ctx.Cursors'Old (F))) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Has_Buffer (Ctx) = Has_Buffer (Ctx)'Old + and Predecessor (Ctx, Fld) = Predecessor (Ctx, Fld)'Old + and Field_First (Ctx, Fld) = Field_First (Ctx, Fld)'Old + is + Buffer_First, Buffer_Last : RFLX_Types.Index; + Offset : RFLX_Types.Offset; + Size : constant RFLX_Types.Bit_Length := Field_Size (Ctx, Fld); + begin + Set (Ctx, Fld, Val, Size, True, Buffer_First, Buffer_Last, Offset); + RFLX_Types.Lemma_Size (Val, Positive (Size)); + RFLX_Types.Operations.Insert (Val, Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Positive (Size), RFLX_Types.High_Order_First); + end Set_Scalar; + + procedure Set_Source_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) is + begin + Set_Scalar (Ctx, F_Source_Port, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Source_Port; + + procedure Set_Destination_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) is + begin + Set_Scalar (Ctx, F_Destination_Port, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Destination_Port; + + procedure Set_Data_Offset (Ctx : in out Context; Val : RFLX.DCCP.Data_Offset_Type) is + begin + Set_Scalar (Ctx, F_Data_Offset, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Data_Offset; + + procedure Set_CCVal (Ctx : in out Context; Val : RFLX.DCCP.CCVal_Type) is + begin + Set_Scalar (Ctx, F_CCVal, RFLX.DCCP.To_Base_Integer (Val)); + end Set_CCVal; + + procedure Set_CsCov (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Coverage_Type) is + begin + Set_Scalar (Ctx, F_CsCov, RFLX.DCCP.To_Base_Integer (Val)); + end Set_CsCov; + + procedure Set_Checksum (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Type) is + begin + Set_Scalar (Ctx, F_Checksum, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Checksum; + + procedure Set_Res_3 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_3_Type) is + begin + Set_Scalar (Ctx, F_Res_3, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Res_3; + + procedure Set_Packet_Type (Ctx : in out Context; Val : RFLX.DCCP.Type_Field) is + begin + Set_Scalar (Ctx, F_Packet_Type, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Packet_Type; + + procedure Set_X (Ctx : in out Context; Val : RFLX.DCCP.Ext_Seq_Type) is + begin + Set_Scalar (Ctx, F_X, RFLX.DCCP.To_Base_Integer (Val)); + end Set_X; + + procedure Set_Res_8 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) is + begin + Set_Scalar (Ctx, F_Res_8, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Res_8; + + procedure Set_Sequence_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Short_Type) is + begin + Set_Scalar (Ctx, F_Sequence_Number_Short, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Sequence_Number_Short; + + procedure Set_Sequence_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Long_Type) is + begin + Set_Scalar (Ctx, F_Sequence_Number_Long, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Sequence_Number_Long; + + procedure Set_Ack_Reserved_Short (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) is + begin + Set_Scalar (Ctx, F_Ack_Reserved_Short, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Ack_Reserved_Short; + + procedure Set_Ack_Reserved_Long (Ctx : in out Context; Val : RFLX.DCCP.Reserved_16_Type) is + begin + Set_Scalar (Ctx, F_Ack_Reserved_Long, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Ack_Reserved_Long; + + procedure Set_Ack_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Short_Type) is + begin + Set_Scalar (Ctx, F_Ack_Number_Short, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Ack_Number_Short; + + procedure Set_Ack_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Long_Type) is + begin + Set_Scalar (Ctx, F_Ack_Number_Long, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Ack_Number_Long; + + procedure Set_Reset_Code (Ctx : in out Context; Val : RFLX.DCCP.Reset_Code_Type) is + begin + Set_Scalar (Ctx, F_Reset_Code, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Reset_Code; + + procedure Set_Service_Code (Ctx : in out Context; Val : RFLX.DCCP.Service_Code_Type) is + begin + Set_Scalar (Ctx, F_Service_Code, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Service_Code; + + procedure Set_Data_1 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) is + begin + Set_Scalar (Ctx, F_Data_1, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Data_1; + + procedure Set_Data_2 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) is + begin + Set_Scalar (Ctx, F_Data_2, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Data_2; + + procedure Set_Data_3 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) is + begin + Set_Scalar (Ctx, F_Data_3, RFLX.DCCP.To_Base_Integer (Val)); + end Set_Data_3; + + procedure Set_Data_Empty (Ctx : in out Context) is + Unused_Buffer_First, Unused_Buffer_Last : RFLX_Types.Index; + Unused_Offset : RFLX_Types.Offset; + begin + Set (Ctx, F_Data, 0, 0, True, Unused_Buffer_First, Unused_Buffer_Last, Unused_Offset); + end Set_Data_Empty; + + procedure Set_Options (Ctx : in out Context; Seq_Ctx : RFLX.DCCP.Options.Context) is + Size : constant RFLX_Types.Bit_Length := RFLX_Types.To_Bit_Length (RFLX.DCCP.Options.Byte_Size (Seq_Ctx)); + Unused_First, Unused_Last : RFLX_Types.Bit_Index; + Buffer_First, Buffer_Last : RFLX_Types.Index; + Unused_Offset : RFLX_Types.Offset; + begin + Set (Ctx, F_Options, 0, Size, True, Buffer_First, Buffer_Last, Unused_Offset); + RFLX.DCCP.Options.Copy (Seq_Ctx, Ctx.Buffer.all (Buffer_First .. Buffer_Last)); + end Set_Options; + + procedure Initialize_Options_Private (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) + and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Options, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options)) >= Length + and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Options) mod RFLX_Types.Byte'Size = 1, + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Options) + and Field_Size (Ctx, F_Options) = RFLX_Types.To_Bit_Length (Length) + and Ctx.Verified_Last = Field_Last (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Data) = F_Options + and Valid_Next (Ctx, F_Data)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old + and Valid_Next (Ctx, F_Options) = Valid_Next (Ctx, F_Options)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old + is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Options); + Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Options) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; + begin + pragma Assert (Last mod RFLX_Types.Byte'Size = 0); + Reset_Dependent_Fields (Ctx, F_Options); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + Ctx.Cursors (F_Options) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Options).Predecessor); + Ctx.Cursors (Successor (Ctx, F_Options)) := (State => S_Invalid, Predecessor => F_Options); + end Initialize_Options_Private; + + procedure Initialize_Options (Ctx : in out Context) is + begin + Initialize_Options_Private (Ctx, RFLX_Types.To_Length (Field_Size (Ctx, F_Options))); + end Initialize_Options; + + procedure Initialize_Data_Private (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data)) >= Length + and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Data) mod RFLX_Types.Byte'Size = 1, + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Data) + and Field_Size (Ctx, F_Data) = RFLX_Types.To_Bit_Length (Length) + and Ctx.Verified_Last = Field_Last (Ctx, F_Data) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old + and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old + is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Data); + Last : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Data) + RFLX_Types.Bit_Length (Length) * RFLX_Types.Byte'Size - 1; + begin + pragma Assert (Last mod RFLX_Types.Byte'Size = 0); + Reset_Dependent_Fields (Ctx, F_Data); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => Last, Written_Last => Last); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + Ctx.Cursors (F_Data) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Data).Predecessor); + Ctx.Cursors (Successor (Ctx, F_Data)) := (State => S_Invalid, Predecessor => F_Data); + end Initialize_Data_Private; + + procedure Initialize_Data (Ctx : in out Context; Length : RFLX_Types.Length) is + begin + Initialize_Data_Private (Ctx, Length); + end Initialize_Data; + + procedure Set_Data (Ctx : in out Context; Data : RFLX_Types.Bytes) is + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Field_First (Ctx, F_Data)); + Buffer_Last : constant RFLX_Types.Index := Buffer_First + Data'Length - 1; + begin + Initialize_Data_Private (Ctx, Data'Length); + pragma Assert (Buffer_Last = RFLX_Types.To_Index (Field_Last (Ctx, F_Data))); + Ctx.Buffer.all (Buffer_First .. Buffer_Last) := Data; + pragma Assert (Ctx.Buffer.all (RFLX_Types.To_Index (Field_First (Ctx, F_Data)) .. RFLX_Types.To_Index (Field_Last (Ctx, F_Data))) = Data); + end Set_Data; + + procedure Generic_Set_Data (Ctx : in out Context; Length : RFLX_Types.Length) is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Data); + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (First); + Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (First + RFLX_Types.To_Bit_Length (Length) - 1); + begin + Process_Data (Ctx.Buffer.all (Buffer_First .. Buffer_Last)); + Initialize_Data_Private (Ctx, Length); + end Generic_Set_Data; + + procedure Switch_To_Options (Ctx : in out Context; Seq_Ctx : out RFLX.DCCP.Options.Context) is + First : constant RFLX_Types.Bit_Index := Field_First (Ctx, F_Options); + Last : constant RFLX_Types.Bit_Index := Field_Last (Ctx, F_Options); + Buffer : RFLX_Types.Bytes_Ptr; + begin + if Invalid (Ctx, F_Options) then + Reset_Dependent_Fields (Ctx, F_Options); + pragma Warnings (Off, "attribute Update is an obsolescent feature"); + Ctx := Ctx'Update (Verified_Last => Last, Written_Last => RFLX_Types.Bit_Length'Max (Ctx.Written_Last, Last)); + pragma Warnings (On, "attribute Update is an obsolescent feature"); + Ctx.Cursors (F_Options) := (State => S_Well_Formed, First => First, Last => Last, Value => 0, Predecessor => Ctx.Cursors (F_Options).Predecessor); + Ctx.Cursors (Successor (Ctx, F_Options)) := (State => S_Invalid, Predecessor => F_Options); + end if; + Take_Buffer (Ctx, Buffer); + pragma Warnings (Off, "unused assignment to ""Buffer"""); + RFLX.DCCP.Options.Initialize (Seq_Ctx, Buffer, First, Last); + pragma Warnings (On, "unused assignment to ""Buffer"""); + end Switch_To_Options; + + procedure Update_Options (Ctx : in out Context; Seq_Ctx : in out RFLX.DCCP.Options.Context) is + Valid_Sequence : constant Boolean := RFLX.DCCP.Packet.Complete_Options (Ctx, Seq_Ctx); + Buffer : RFLX_Types.Bytes_Ptr; + begin + RFLX.DCCP.Options.Take_Buffer (Seq_Ctx, Buffer); + Ctx.Buffer := Buffer; + if Valid_Sequence then + Ctx.Cursors (F_Options) := (State => S_Valid, First => Ctx.Cursors (F_Options).First, Last => Ctx.Cursors (F_Options).Last, Value => Ctx.Cursors (F_Options).Value, Predecessor => Ctx.Cursors (F_Options).Predecessor); + else + Reset_Dependent_Fields (Ctx, F_Options); + Ctx.Cursors (F_Options) := (State => S_Invalid, Predecessor => Ctx.Cursors (F_Options).Predecessor); + end if; + end Update_Options; + +end RFLX.DCCP.Packet; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp-packet.ads b/examples/apps/dccp/rflx/generated/rflx-dccp-packet.ads new file mode 100644 index 000000000..30505001e --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-dccp-packet.ads @@ -0,0 +1,3083 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma Warnings (Off, "redundant conversion"); +with RFLX.RFLX_Types; +with RFLX.DCCP.Options; + +package RFLX.DCCP.Packet with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + pragma Warnings (Off, "use clause for type ""Base_Integer"" * has no effect"); + + pragma Warnings (Off, "use clause for type ""Bytes"" * has no effect"); + + pragma Warnings (Off, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); + + pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); + + use type RFLX_Types.Bytes; + + use type RFLX_Types.Byte; + + use type RFLX_Types.Bytes_Ptr; + + use type RFLX_Types.Length; + + use type RFLX_Types.Index; + + use type RFLX_Types.Bit_Index; + + use type RFLX_Types.Base_Integer; + + use type RFLX_Types.Offset; + + pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); + + pragma Warnings (On, """BASE_INTEGER"" is already use-visible through previous use_type_clause"); + + pragma Warnings (On, "use clause for type ""Base_Integer"" * has no effect"); + + pragma Warnings (On, "use clause for type ""Bytes"" * has no effect"); + + pragma Unevaluated_Use_Of_Old (Allow); + + type Virtual_Field is (F_Initial, F_Source_Port, F_Destination_Port, F_Data_Offset, F_CCVal, F_CsCov, F_Checksum, F_Res_3, F_Packet_Type, F_X, F_Res_8, F_Sequence_Number_Short, F_Sequence_Number_Long, F_Ack_Reserved_Short, F_Ack_Reserved_Long, F_Ack_Number_Short, F_Ack_Number_Long, F_Reset_Code, F_Service_Code, F_Data_1, F_Data_2, F_Data_3, F_Options, F_Data, F_Final); + + subtype Field is Virtual_Field range F_Source_Port .. F_Data; + + type Field_Cursor is private with + Default_Initial_Condition => + False; + + type Field_Cursors is private with + Default_Initial_Condition => + False; + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with + Default_Initial_Condition => + RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last < RFLX_Types.Bit_Index'Last + and First rem RFLX_Types.Byte'Size = 1 + and Last rem RFLX_Types.Byte'Size = 0; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; Written_Last : RFLX_Types.Bit_Length := 0) with + Pre => + not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last + and then (Written_Last = 0 + or (Written_Last >= RFLX_Types.To_First_Bit_Index (Buffer'First) - 1 + and Written_Last <= RFLX_Types.To_Last_Bit_Index (Buffer'Last))) + and then Written_Last mod RFLX_Types.Byte'Size = 0, + Post => + Has_Buffer (Ctx) + and Buffer = null + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) + and Initialized (Ctx), + Depends => + (Ctx => (Buffer, Written_Last), Buffer => null); + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0) with + Pre => + not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last + and then RFLX_Types.To_Index (First) >= Buffer'First + and then RFLX_Types.To_Index (Last) <= Buffer'Last + and then First <= Last + 1 + and then Last < RFLX_Types.Bit_Index'Last + and then First rem RFLX_Types.Byte'Size = 1 + and then Last rem RFLX_Types.Byte'Size = 0 + and then (Written_Last = 0 + or (Written_Last >= First - 1 + and Written_Last <= Last)) + and then Written_Last rem RFLX_Types.Byte'Size = 0, + Post => + Buffer = null + and Has_Buffer (Ctx) + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = First + and Ctx.Last = Last + and Initialized (Ctx), + Depends => + (Ctx => (Buffer, First, Last, Written_Last), Buffer => null); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Initialized (Ctx : Context) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + procedure Reset (Ctx : in out Context) with + Pre => + not Ctx'Constrained + and RFLX.DCCP.Packet.Has_Buffer (Ctx), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) + and Initialized (Ctx); + + procedure Reset (Ctx : in out Context; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with + Pre => + not Ctx'Constrained + and RFLX.DCCP.Packet.Has_Buffer (Ctx) + and RFLX_Types.To_Index (First) >= Ctx.Buffer_First + and RFLX_Types.To_Index (Last) <= Ctx.Buffer_Last + and First <= Last + 1 + and Last < RFLX_Types.Bit_Length'Last + and First rem RFLX_Types.Byte'Size = 1 + and Last rem RFLX_Types.Byte'Size = 0, + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = First + and Ctx.Last = Last + and Initialized (Ctx); + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx), + Post => + not Has_Buffer (Ctx) + and Buffer /= null + and Ctx.Buffer_First = Buffer'First + and Ctx.Buffer_Last = Buffer'Last + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Context_Cursors (Ctx) = Context_Cursors (Ctx)'Old, + Depends => + (Ctx => Ctx, Buffer => Ctx); + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx) + and then RFLX.DCCP.Packet.Byte_Size (Ctx) = Buffer'Length; + + function Read (Ctx : Context) return RFLX_Types.Bytes with + Ghost, + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx); + + pragma Warnings (Off, "formal parameter ""*"" is not referenced"); + + pragma Warnings (Off, "unused variable ""*"""); + + function Always_Valid (Buffer : RFLX_Types.Bytes) return Boolean is + (True); + + pragma Warnings (On, "unused variable ""*"""); + + pragma Warnings (On, "formal parameter ""*"" is not referenced"); + + generic + with procedure Read (Buffer : RFLX_Types.Bytes); + with function Pre (Buffer : RFLX_Types.Bytes) return Boolean is Always_Valid; + procedure Generic_Read (Ctx : Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx) + and then Pre (Read (Ctx)); + + pragma Warnings (Off, "formal parameter ""*"" is not referenced"); + + pragma Warnings (Off, "unused variable ""*"""); + + function Always_Valid (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is + (True); + + pragma Warnings (On, "unused variable ""*"""); + + pragma Warnings (On, "formal parameter ""*"" is not referenced"); + + generic + with procedure Write (Buffer : out RFLX_Types.Bytes; Length : out RFLX_Types.Length; Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length); + with function Pre (Context_Buffer_Length : RFLX_Types.Length; Offset : RFLX_Types.Length) return Boolean is Always_Valid; + procedure Generic_Write (Ctx : in out Context; Offset : RFLX_Types.Length := 0) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then Offset < RFLX.DCCP.Packet.Buffer_Length (Ctx) + and then Pre (RFLX.DCCP.Packet.Buffer_Length (Ctx), Offset), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Initialized (Ctx); + + function Has_Buffer (Ctx : Context) return Boolean; + + function Buffer_Length (Ctx : Context) return RFLX_Types.Length with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx); + + function Size (Ctx : Context) return RFLX_Types.Bit_Length with + Post => + Size'Result rem RFLX_Types.Byte'Size = 0; + + function Byte_Size (Ctx : Context) return RFLX_Types.Length; + + function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx); + + function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Well_Formed_Message (Ctx) + and then Data'Length = RFLX.DCCP.Packet.Byte_Size (Ctx); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Path_Condition (Ctx : Context; Fld : Field) return Boolean with + Pre => + RFLX.DCCP.Packet.Valid_Predecessor (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Predecessor (Ctx, Fld) + and then RFLX.DCCP.Packet.Valid_Value (Fld, Val) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Packet.Sufficient_Space (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), + Post => + (case Fld is + when F_Options | F_Data => + Field_Size'Result rem RFLX_Types.Byte'Size = 0, + when others => + True); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld) + and then RFLX.DCCP.Packet.Sufficient_Space (Ctx, Fld), + Post => + (case Fld is + when F_Options | F_Data => + Field_Last'Result rem RFLX_Types.Byte'Size = 0, + when others => + True); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + function Valid_Next (Ctx : Context; Fld : Field) return Boolean; + + function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); + + function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); + + function Equal (Ctx : Context; Fld : Field; Data : RFLX_Types.Bytes) return Boolean with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); + + procedure Verify (Ctx : in out Context; Fld : Field) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old; + + procedure Verify_Message (Ctx : in out Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx), + Post => + Has_Buffer (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old; + + function Present (Ctx : Context; Fld : Field) return Boolean; + + function Well_Formed (Ctx : Context; Fld : Field) return Boolean; + + function Valid (Ctx : Context; Fld : Field) return Boolean with + Post => + (if Valid'Result then Well_Formed (Ctx, Fld) and Present (Ctx, Fld)); + + function Incomplete (Ctx : Context; Fld : Field) return Boolean; + + function Invalid (Ctx : Context; Fld : Field) return Boolean; + + function Well_Formed_Message (Ctx : Context) return Boolean with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx); + + function Valid_Message (Ctx : Context) return Boolean with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Incomplete_Message (Ctx : Context) return Boolean with + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "precondition is always False"); + + function Get_Source_Port (Ctx : Context) return RFLX.DCCP.Port_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Source_Port); + + function Get_Destination_Port (Ctx : Context) return RFLX.DCCP.Port_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Destination_Port); + + function Get_Data_Offset (Ctx : Context) return RFLX.DCCP.Data_Offset_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_Offset); + + function Get_CCVal (Ctx : Context) return RFLX.DCCP.CCVal_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_CCVal); + + function Get_CsCov (Ctx : Context) return RFLX.DCCP.Checksum_Coverage_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_CsCov); + + function Get_Checksum (Ctx : Context) return RFLX.DCCP.Checksum_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Checksum); + + function Get_Res_3 (Ctx : Context) return RFLX.DCCP.Reserved_3_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Res_3); + + function Get_Packet_Type (Ctx : Context) return RFLX.DCCP.Type_Field with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Packet_Type); + + function Get_X (Ctx : Context) return RFLX.DCCP.Ext_Seq_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_X); + + function Get_Res_8 (Ctx : Context) return RFLX.DCCP.Reserved_8_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Res_8); + + function Get_Sequence_Number_Short (Ctx : Context) return RFLX.DCCP.Sequence_Number_Short_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short); + + function Get_Sequence_Number_Long (Ctx : Context) return RFLX.DCCP.Sequence_Number_Long_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long); + + function Get_Ack_Reserved_Short (Ctx : Context) return RFLX.DCCP.Reserved_8_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short); + + function Get_Ack_Reserved_Long (Ctx : Context) return RFLX.DCCP.Reserved_16_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long); + + function Get_Ack_Number_Short (Ctx : Context) return RFLX.DCCP.Ack_Number_Short_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short); + + function Get_Ack_Number_Long (Ctx : Context) return RFLX.DCCP.Ack_Number_Long_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long); + + function Get_Reset_Code (Ctx : Context) return RFLX.DCCP.Reset_Code_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Reset_Code); + + function Get_Service_Code (Ctx : Context) return RFLX.DCCP.Service_Code_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Service_Code); + + function Get_Data_1 (Ctx : Context) return RFLX.DCCP.Data_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_1); + + function Get_Data_2 (Ctx : Context) return RFLX.DCCP.Data_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_2); + + function Get_Data_3 (Ctx : Context) return RFLX.DCCP.Data_Type with + Pre => + RFLX.DCCP.Packet.Valid (Ctx, RFLX.DCCP.Packet.F_Data_3); + + pragma Warnings (On, "precondition is always False"); + + function Get_Data (Ctx : Context) return RFLX_Types.Bytes with + Ghost, + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Well_Formed (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data), + Post => + Get_Data'Result'Length = RFLX_Types.To_Length (Field_Size (Ctx, F_Data)); + + procedure Get_Data (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Well_Formed (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) + and then Data'Length = RFLX_Types.To_Length (RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data)), + Post => + Equal (Ctx, F_Data, Data); + + generic + with procedure Process_Data (Data : RFLX_Types.Bytes); + procedure Generic_Get_Data (Ctx : Context) with + Pre => + RFLX.DCCP.Packet.Has_Buffer (Ctx) + and RFLX.DCCP.Packet.Present (Ctx, RFLX.DCCP.Packet.F_Data); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld), + Post => + True; + + pragma Warnings (On, "postcondition does not mention function result"); + + pragma Warnings (Off, "aspect ""*"" not enforced on inlined subprogram ""*"""); + + procedure Set_Source_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Source_Port) + and then RFLX.DCCP.Valid_Port_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Source_Port) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Source_Port) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Source_Port, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Source_Port) + and Get_Source_Port (Ctx) = Val + and Invalid (Ctx, F_Destination_Port) + and Invalid (Ctx, F_Data_Offset) + and Invalid (Ctx, F_CCVal) + and Invalid (Ctx, F_CsCov) + and Invalid (Ctx, F_Checksum) + and Invalid (Ctx, F_Res_3) + and Invalid (Ctx, F_Packet_Type) + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Destination_Port) = F_Source_Port + and Valid_Next (Ctx, F_Destination_Port)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Source_Port) = Predecessor (Ctx, F_Source_Port)'Old + and Valid_Next (Ctx, F_Source_Port) = Valid_Next (Ctx, F_Source_Port)'Old + and Field_First (Ctx, F_Source_Port) = Field_First (Ctx, F_Source_Port)'Old; + + procedure Set_Destination_Port (Ctx : in out Context; Val : RFLX.DCCP.Port_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Destination_Port) + and then RFLX.DCCP.Valid_Port_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Destination_Port) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Destination_Port) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Destination_Port, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Destination_Port) + and Get_Destination_Port (Ctx) = Val + and Invalid (Ctx, F_Data_Offset) + and Invalid (Ctx, F_CCVal) + and Invalid (Ctx, F_CsCov) + and Invalid (Ctx, F_Checksum) + and Invalid (Ctx, F_Res_3) + and Invalid (Ctx, F_Packet_Type) + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Data_Offset) = F_Destination_Port + and Valid_Next (Ctx, F_Data_Offset)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Destination_Port) = Predecessor (Ctx, F_Destination_Port)'Old + and Valid_Next (Ctx, F_Destination_Port) = Valid_Next (Ctx, F_Destination_Port)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Field_First (Ctx, F_Destination_Port) = Field_First (Ctx, F_Destination_Port)'Old + and (for all F in Field range F_Source_Port .. F_Source_Port => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Data_Offset (Ctx : in out Context; Val : RFLX.DCCP.Data_Offset_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_Offset) + and then RFLX.DCCP.Valid_Data_Offset_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_Offset) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_Offset) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_Offset, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Data_Offset) + and Get_Data_Offset (Ctx) = Val + and Invalid (Ctx, F_CCVal) + and Invalid (Ctx, F_CsCov) + and Invalid (Ctx, F_Checksum) + and Invalid (Ctx, F_Res_3) + and Invalid (Ctx, F_Packet_Type) + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_CCVal) = F_Data_Offset + and Valid_Next (Ctx, F_CCVal)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data_Offset) = Predecessor (Ctx, F_Data_Offset)'Old + and Valid_Next (Ctx, F_Data_Offset) = Valid_Next (Ctx, F_Data_Offset)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Field_First (Ctx, F_Data_Offset) = Field_First (Ctx, F_Data_Offset)'Old + and (for all F in Field range F_Source_Port .. F_Destination_Port => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_CCVal (Ctx : in out Context; Val : RFLX.DCCP.CCVal_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_CCVal) + and then RFLX.DCCP.Valid_CCVal_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_CCVal) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_CCVal) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_CCVal, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_CCVal) + and Get_CCVal (Ctx) = Val + and Invalid (Ctx, F_CsCov) + and Invalid (Ctx, F_Checksum) + and Invalid (Ctx, F_Res_3) + and Invalid (Ctx, F_Packet_Type) + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_CsCov) = F_CCVal + and Valid_Next (Ctx, F_CsCov)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_CCVal) = Predecessor (Ctx, F_CCVal)'Old + and Valid_Next (Ctx, F_CCVal) = Valid_Next (Ctx, F_CCVal)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Field_First (Ctx, F_CCVal) = Field_First (Ctx, F_CCVal)'Old + and (for all F in Field range F_Source_Port .. F_Data_Offset => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_CsCov (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Coverage_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_CsCov) + and then RFLX.DCCP.Valid_Checksum_Coverage_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_CsCov) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_CsCov) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_CsCov, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_CsCov) + and Get_CsCov (Ctx) = Val + and Invalid (Ctx, F_Checksum) + and Invalid (Ctx, F_Res_3) + and Invalid (Ctx, F_Packet_Type) + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Checksum) = F_CsCov + and Valid_Next (Ctx, F_Checksum)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_CsCov) = Predecessor (Ctx, F_CsCov)'Old + and Valid_Next (Ctx, F_CsCov) = Valid_Next (Ctx, F_CsCov)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Field_First (Ctx, F_CsCov) = Field_First (Ctx, F_CsCov)'Old + and (for all F in Field range F_Source_Port .. F_CCVal => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Checksum (Ctx : in out Context; Val : RFLX.DCCP.Checksum_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Checksum) + and then RFLX.DCCP.Valid_Checksum_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Checksum) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Checksum) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Checksum, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Checksum) + and Get_Checksum (Ctx) = Val + and Invalid (Ctx, F_Res_3) + and Invalid (Ctx, F_Packet_Type) + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Res_3) = F_Checksum + and Valid_Next (Ctx, F_Res_3)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Checksum) = Predecessor (Ctx, F_Checksum)'Old + and Valid_Next (Ctx, F_Checksum) = Valid_Next (Ctx, F_Checksum)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Field_First (Ctx, F_Checksum) = Field_First (Ctx, F_Checksum)'Old + and (for all F in Field range F_Source_Port .. F_CsCov => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Res_3 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_3_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Res_3) + and then RFLX.DCCP.Valid_Reserved_3_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Res_3) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Res_3) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Res_3, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Res_3) + and Get_Res_3 (Ctx) = Val + and Invalid (Ctx, F_Packet_Type) + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Packet_Type) = F_Res_3 + and Valid_Next (Ctx, F_Packet_Type)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Res_3) = Predecessor (Ctx, F_Res_3)'Old + and Valid_Next (Ctx, F_Res_3) = Valid_Next (Ctx, F_Res_3)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Field_First (Ctx, F_Res_3) = Field_First (Ctx, F_Res_3)'Old + and (for all F in Field range F_Source_Port .. F_Checksum => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Packet_Type (Ctx : in out Context; Val : RFLX.DCCP.Type_Field) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Packet_Type) + and then RFLX.DCCP.Valid_Type_Field (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Packet_Type) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Packet_Type) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Packet_Type, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Packet_Type) + and Get_Packet_Type (Ctx) = Val + and Invalid (Ctx, F_X) + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_X) = F_Packet_Type + and Valid_Next (Ctx, F_X)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Packet_Type) = Predecessor (Ctx, F_Packet_Type)'Old + and Valid_Next (Ctx, F_Packet_Type) = Valid_Next (Ctx, F_Packet_Type)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Field_First (Ctx, F_Packet_Type) = Field_First (Ctx, F_Packet_Type)'Old + and (for all F in Field range F_Source_Port .. F_Res_3 => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_X (Ctx : in out Context; Val : RFLX.DCCP.Ext_Seq_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_X) + and then RFLX.DCCP.Valid_Ext_Seq_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_X) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_X) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_X, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_X) + and Get_X (Ctx) = Val + and Invalid (Ctx, F_Res_8) + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) + then + Predecessor (Ctx, F_Res_8) = F_X + and Valid_Next (Ctx, F_Res_8)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_X (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)) + then + Predecessor (Ctx, F_Sequence_Number_Short) = F_X + and Valid_Next (Ctx, F_Sequence_Number_Short)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_X) = Predecessor (Ctx, F_X)'Old + and Valid_Next (Ctx, F_X) = Valid_Next (Ctx, F_X)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Field_First (Ctx, F_X) = Field_First (Ctx, F_X)'Old + and (for all F in Field range F_Source_Port .. F_Packet_Type => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Res_8 (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Res_8) + and then RFLX.DCCP.Valid_Reserved_8_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Res_8) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Res_8) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Res_8, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Res_8) + and Get_Res_8 (Ctx) = Val + and Invalid (Ctx, F_Sequence_Number_Short) + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Sequence_Number_Long) = F_Res_8 + and Valid_Next (Ctx, F_Sequence_Number_Long)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Res_8) = Predecessor (Ctx, F_Res_8)'Old + and Valid_Next (Ctx, F_Res_8) = Valid_Next (Ctx, F_Res_8)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Res_8) = Field_First (Ctx, F_Res_8)'Old + and (for all F in Field range F_Source_Port .. F_X => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Sequence_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Short_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short) + and then RFLX.DCCP.Valid_Sequence_Number_Short_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Short, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Sequence_Number_Short) + and Get_Sequence_Number_Short (Ctx) = Val + and Invalid (Ctx, F_Sequence_Number_Long) + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Ack_Reserved_Short) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Ack_Reserved_Short)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Sequence_Number_Short + and Valid_Next (Ctx, F_Options)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Sequence_Number_Short) = Predecessor (Ctx, F_Sequence_Number_Short)'Old + and Valid_Next (Ctx, F_Sequence_Number_Short) = Valid_Next (Ctx, F_Sequence_Number_Short)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Sequence_Number_Short) = Field_First (Ctx, F_Sequence_Number_Short)'Old + and (for all F in Field range F_Source_Port .. F_Res_8 => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Sequence_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Sequence_Number_Long_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long) + and then RFLX.DCCP.Valid_Sequence_Number_Long_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Sequence_Number_Long, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Sequence_Number_Long) + and Get_Sequence_Number_Long (Ctx) = Val + and Invalid (Ctx, F_Ack_Reserved_Short) + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Ack_Reserved_Long) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Ack_Reserved_Long)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Options)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Predecessor (Ctx, F_Service_Code) = F_Sequence_Number_Long + and Valid_Next (Ctx, F_Service_Code)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Sequence_Number_Long) = Predecessor (Ctx, F_Sequence_Number_Long)'Old + and Valid_Next (Ctx, F_Sequence_Number_Long) = Valid_Next (Ctx, F_Sequence_Number_Long)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Field_First (Ctx, F_Sequence_Number_Long) = Field_First (Ctx, F_Sequence_Number_Long)'Old + and (for all F in Field range F_Source_Port .. F_Sequence_Number_Short => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Ack_Reserved_Short (Ctx : in out Context; Val : RFLX.DCCP.Reserved_8_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short) + and then RFLX.DCCP.Valid_Reserved_8_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Short, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Ack_Reserved_Short) + and Get_Ack_Reserved_Short (Ctx) = Val + and Invalid (Ctx, F_Ack_Reserved_Long) + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Ack_Number_Short) = F_Ack_Reserved_Short + and Valid_Next (Ctx, F_Ack_Number_Short)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Ack_Reserved_Short) = Predecessor (Ctx, F_Ack_Reserved_Short)'Old + and Valid_Next (Ctx, F_Ack_Reserved_Short) = Valid_Next (Ctx, F_Ack_Reserved_Short)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Sequence_Number_Short (Ctx) = Get_Sequence_Number_Short (Ctx)'Old + and Field_First (Ctx, F_Ack_Reserved_Short) = Field_First (Ctx, F_Ack_Reserved_Short)'Old + and (for all F in Field range F_Source_Port .. F_Sequence_Number_Long => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Ack_Reserved_Long (Ctx : in out Context; Val : RFLX.DCCP.Reserved_16_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long) + and then RFLX.DCCP.Valid_Reserved_16_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Reserved_Long, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Ack_Reserved_Long) + and Get_Ack_Reserved_Long (Ctx) = Val + and Invalid (Ctx, F_Ack_Number_Short) + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Ack_Number_Long) = F_Ack_Reserved_Long + and Valid_Next (Ctx, F_Ack_Number_Long)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Ack_Reserved_Long) = Predecessor (Ctx, F_Ack_Reserved_Long)'Old + and Valid_Next (Ctx, F_Ack_Reserved_Long) = Valid_Next (Ctx, F_Ack_Reserved_Long)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old + and Field_First (Ctx, F_Ack_Reserved_Long) = Field_First (Ctx, F_Ack_Reserved_Long)'Old + and (for all F in Field range F_Source_Port .. F_Ack_Reserved_Short => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Ack_Number_Short (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Short_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short) + and then RFLX.DCCP.Valid_Ack_Number_Short_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Short, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Ack_Number_Short) + and Get_Ack_Number_Short (Ctx) = Val + and Invalid (Ctx, F_Ack_Number_Long) + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Ack_Number_Short + and Valid_Next (Ctx, F_Data)) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Ack_Number_Short + and Valid_Next (Ctx, F_Options)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Ack_Number_Short) = Predecessor (Ctx, F_Ack_Number_Short)'Old + and Valid_Next (Ctx, F_Ack_Number_Short) = Valid_Next (Ctx, F_Ack_Number_Short)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Sequence_Number_Short (Ctx) = Get_Sequence_Number_Short (Ctx)'Old + and Get_Ack_Reserved_Short (Ctx) = Get_Ack_Reserved_Short (Ctx)'Old + and Field_First (Ctx, F_Ack_Number_Short) = Field_First (Ctx, F_Ack_Number_Short)'Old + and (for all F in Field range F_Source_Port .. F_Ack_Reserved_Long => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Ack_Number_Long (Ctx : in out Context; Val : RFLX.DCCP.Ack_Number_Long_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long) + and then RFLX.DCCP.Valid_Ack_Number_Long_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Ack_Number_Long, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Ack_Number_Long) + and Get_Ack_Number_Long (Ctx) = Val + and Invalid (Ctx, F_Reset_Code) + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Data)) + and (if + (RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Options)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) + then + Predecessor (Ctx, F_Reset_Code) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Reset_Code)) + and (if + RFLX_Types.Base_Integer (To_Base_Integer (Get_Packet_Type (Ctx))) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) + then + Predecessor (Ctx, F_Service_Code) = F_Ack_Number_Long + and Valid_Next (Ctx, F_Service_Code)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Ack_Number_Long) = Predecessor (Ctx, F_Ack_Number_Long)'Old + and Valid_Next (Ctx, F_Ack_Number_Long) = Valid_Next (Ctx, F_Ack_Number_Long)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old + and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old + and Field_First (Ctx, F_Ack_Number_Long) = Field_First (Ctx, F_Ack_Number_Long)'Old + and (for all F in Field range F_Source_Port .. F_Ack_Number_Short => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Reset_Code (Ctx : in out Context; Val : RFLX.DCCP.Reset_Code_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Reset_Code) + and then RFLX.DCCP.Valid_Reset_Code_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Reset_Code) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Reset_Code) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Reset_Code, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Reset_Code) + and Get_Reset_Code (Ctx) = Val + and Invalid (Ctx, F_Service_Code) + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Data_1) = F_Reset_Code + and Valid_Next (Ctx, F_Data_1)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Reset_Code) = Predecessor (Ctx, F_Reset_Code)'Old + and Valid_Next (Ctx, F_Reset_Code) = Valid_Next (Ctx, F_Reset_Code)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old + and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old + and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old + and Field_First (Ctx, F_Reset_Code) = Field_First (Ctx, F_Reset_Code)'Old + and (for all F in Field range F_Source_Port .. F_Ack_Number_Long => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Service_Code (Ctx : in out Context; Val : RFLX.DCCP.Service_Code_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Service_Code) + and then RFLX.DCCP.Valid_Service_Code_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Service_Code) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Service_Code) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Service_Code, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Service_Code) + and Get_Service_Code (Ctx) = Val + and Invalid (Ctx, F_Data_1) + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Service_Code + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Service_Code + and Valid_Next (Ctx, F_Options)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Service_Code) = Predecessor (Ctx, F_Service_Code)'Old + and Valid_Next (Ctx, F_Service_Code) = Valid_Next (Ctx, F_Service_Code)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old + and Field_First (Ctx, F_Service_Code) = Field_First (Ctx, F_Service_Code)'Old + and (for all F in Field range F_Source_Port .. F_Reset_Code => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Data_1 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_1) + and then RFLX.DCCP.Valid_Data_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_1) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_1) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_1, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Data_1) + and Get_Data_1 (Ctx) = Val + and Invalid (Ctx, F_Data_2) + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Data_2) = F_Data_1 + and Valid_Next (Ctx, F_Data_2)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data_1) = Predecessor (Ctx, F_Data_1)'Old + and Valid_Next (Ctx, F_Data_1) = Valid_Next (Ctx, F_Data_1)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old + and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old + and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old + and Get_Reset_Code (Ctx) = Get_Reset_Code (Ctx)'Old + and Field_First (Ctx, F_Data_1) = Field_First (Ctx, F_Data_1)'Old + and (for all F in Field range F_Source_Port .. F_Service_Code => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Data_2 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_2) + and then RFLX.DCCP.Valid_Data_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_2) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_2) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_2, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Data_2) + and Get_Data_2 (Ctx) = Val + and Invalid (Ctx, F_Data_3) + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Data_3) = F_Data_2 + and Valid_Next (Ctx, F_Data_3)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data_2) = Predecessor (Ctx, F_Data_2)'Old + and Valid_Next (Ctx, F_Data_2) = Valid_Next (Ctx, F_Data_2)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old + and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old + and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old + and Get_Reset_Code (Ctx) = Get_Reset_Code (Ctx)'Old + and Get_Data_1 (Ctx) = Get_Data_1 (Ctx)'Old + and Field_First (Ctx, F_Data_2) = Field_First (Ctx, F_Data_2)'Old + and (for all F in Field range F_Source_Port .. F_Data_1 => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + procedure Set_Data_3 (Ctx : in out Context; Val : RFLX.DCCP.Data_Type) with + Inline_Always, + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data_3) + and then RFLX.DCCP.Valid_Data_Type (RFLX.DCCP.To_Base_Integer (Val)) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data_3) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data_3) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data_3, RFLX.DCCP.To_Base_Integer (Val)), + Post => + Has_Buffer (Ctx) + and Valid (Ctx, F_Data_3) + and Get_Data_3 (Ctx) = Val + and Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Data) = F_Data_3 + and Valid_Next (Ctx, F_Data)) + and (if + RFLX_Types.Base_Integer (Get_Data_Offset (Ctx)) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + then + Predecessor (Ctx, F_Options) = F_Data_3 + and Valid_Next (Ctx, F_Options)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data_3) = Predecessor (Ctx, F_Data_3)'Old + and Valid_Next (Ctx, F_Data_3) = Valid_Next (Ctx, F_Data_3)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Get_Res_8 (Ctx) = Get_Res_8 (Ctx)'Old + and Get_Sequence_Number_Long (Ctx) = Get_Sequence_Number_Long (Ctx)'Old + and Get_Ack_Reserved_Long (Ctx) = Get_Ack_Reserved_Long (Ctx)'Old + and Get_Ack_Number_Long (Ctx) = Get_Ack_Number_Long (Ctx)'Old + and Get_Reset_Code (Ctx) = Get_Reset_Code (Ctx)'Old + and Get_Data_1 (Ctx) = Get_Data_1 (Ctx)'Old + and Get_Data_2 (Ctx) = Get_Data_2 (Ctx)'Old + and Field_First (Ctx, F_Data_3) = Field_First (Ctx, F_Data_3)'Old + and (for all F in Field range F_Source_Port .. F_Data_2 => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)); + + pragma Warnings (On, "aspect ""*"" not enforced on inlined subprogram ""*"""); + + procedure Set_Data_Empty (Ctx : in out Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data, 0) + and then RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) = 0, + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Data) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old + and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old; + + procedure Set_Options (Ctx : in out Context; Seq_Ctx : RFLX.DCCP.Options.Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Options, 0) + and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Options, RFLX.DCCP.Options.Byte_Size (Seq_Ctx)) + and then RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) + and then RFLX.DCCP.Options.Valid (Seq_Ctx), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Data) = F_Options + and Valid_Next (Ctx, F_Data)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old + and Valid_Next (Ctx, F_Options) = Valid_Next (Ctx, F_Options)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old + and (if Field_Size (Ctx, F_Options) > 0 then Present (Ctx, F_Options)); + + procedure Initialize_Options (Ctx : in out Context) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Options) + and Invalid (Ctx, F_Data) + and (Predecessor (Ctx, F_Data) = F_Options + and Valid_Next (Ctx, F_Data)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old + and Valid_Next (Ctx, F_Options) = Valid_Next (Ctx, F_Options)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old; + + procedure Initialize_Data (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Length) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX_Types.To_Bit_Length (Length), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Data) + and Field_Size (Ctx, F_Data) = RFLX_Types.To_Bit_Length (Length) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old + and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old; + + procedure Set_Data (Ctx : in out Context; Data : RFLX_Types.Bytes) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Data'Length) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= Data'Length * RFLX_Types.Byte'Size + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Data, 0), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Data) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old + and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old + and Equal (Ctx, F_Data, Data); + + generic + with procedure Process_Data (Data : out RFLX_Types.Bytes); + with function Process_Data_Pre (Length : RFLX_Types.Length) return Boolean; + procedure Generic_Set_Data (Ctx : in out Context; Length : RFLX_Types.Length) with + Pre => + not Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Data) + and then RFLX.DCCP.Packet.Valid_Length (Ctx, RFLX.DCCP.Packet.F_Data, Length) + and then RFLX_Types.To_Length (RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Data)) >= Length + and then Process_Data_Pre (Length), + Post => + Has_Buffer (Ctx) + and Well_Formed (Ctx, F_Data) + and (if Well_Formed_Message (Ctx) then Message_Last (Ctx) = Field_Last (Ctx, F_Data)) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Data) = Predecessor (Ctx, F_Data)'Old + and Valid_Next (Ctx, F_Data) = Valid_Next (Ctx, F_Data)'Old + and Get_Source_Port (Ctx) = Get_Source_Port (Ctx)'Old + and Get_Destination_Port (Ctx) = Get_Destination_Port (Ctx)'Old + and Get_Data_Offset (Ctx) = Get_Data_Offset (Ctx)'Old + and Get_CCVal (Ctx) = Get_CCVal (Ctx)'Old + and Get_CsCov (Ctx) = Get_CsCov (Ctx)'Old + and Get_Checksum (Ctx) = Get_Checksum (Ctx)'Old + and Get_Res_3 (Ctx) = Get_Res_3 (Ctx)'Old + and Get_Packet_Type (Ctx) = Get_Packet_Type (Ctx)'Old + and Get_X (Ctx) = Get_X (Ctx)'Old + and Field_First (Ctx, F_Data) = Field_First (Ctx, F_Data)'Old; + + procedure Switch_To_Options (Ctx : in out Context; Seq_Ctx : out RFLX.DCCP.Options.Context) with + Pre => + not Ctx'Constrained + and then not Seq_Ctx'Constrained + and then RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options) + and then RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options) > 0 + and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Options) rem RFLX_Types.Byte'Size = 1 + and then RFLX.DCCP.Packet.Available_Space (Ctx, RFLX.DCCP.Packet.F_Options) >= RFLX.DCCP.Packet.Field_Size (Ctx, RFLX.DCCP.Packet.F_Options) + and then RFLX.DCCP.Packet.Field_Condition (Ctx, RFLX.DCCP.Packet.F_Options, 0), + Post => + not RFLX.DCCP.Packet.Has_Buffer (Ctx) + and RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) + and Ctx.Buffer_First = Seq_Ctx.Buffer_First + and Ctx.Buffer_Last = Seq_Ctx.Buffer_Last + and Seq_Ctx.First = Field_First (Ctx, F_Options) + and Seq_Ctx.Last = Field_Last (Ctx, F_Options) + and RFLX.DCCP.Options.Valid (Seq_Ctx) + and RFLX.DCCP.Options.Sequence_Last (Seq_Ctx) = Seq_Ctx.First - 1 + and Present (Ctx, F_Options) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Predecessor (Ctx, F_Options) = Predecessor (Ctx, F_Options)'Old + and Path_Condition (Ctx, F_Options) = Path_Condition (Ctx, F_Options)'Old + and Field_Last (Ctx, F_Options) = Field_Last (Ctx, F_Options)'Old + and (for all F in Field range F_Source_Port .. F_Data_3 => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)), + Contract_Cases => + (Well_Formed (Ctx, F_Options) => + (for all F in Field range F_Data .. F_Data => + Context_Cursors_Index (Context_Cursors (Ctx), F) = Context_Cursors_Index (Context_Cursors (Ctx)'Old, F)), + others => + (Predecessor (Ctx, F_Data) = F_Options + and Valid_Next (Ctx, F_Data)) + and Invalid (Ctx, F_Data)); + + function Complete_Options (Ctx : Context; Seq_Ctx : RFLX.DCCP.Options.Context) return Boolean with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, RFLX.DCCP.Packet.F_Options); + + procedure Update_Options (Ctx : in out Context; Seq_Ctx : in out RFLX.DCCP.Options.Context) with + Pre => + RFLX.DCCP.Packet.Present (Ctx, RFLX.DCCP.Packet.F_Options) + and then not RFLX.DCCP.Packet.Has_Buffer (Ctx) + and then RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) + and then Ctx.Buffer_First = Seq_Ctx.Buffer_First + and then Ctx.Buffer_Last = Seq_Ctx.Buffer_Last + and then Seq_Ctx.First = Field_First (Ctx, F_Options) + and then Seq_Ctx.Last = Field_Last (Ctx, F_Options), + Post => + (if + RFLX.DCCP.Packet.Complete_Options (Ctx, Seq_Ctx) + then + Present (Ctx, F_Options) + and Context_Cursor (Ctx, F_Data) = Context_Cursor (Ctx, F_Data)'Old + else + Invalid (Ctx, F_Options) + and Invalid (Ctx, F_Data)) + and Has_Buffer (Ctx) + and not RFLX.DCCP.Options.Has_Buffer (Seq_Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Seq_Ctx.First = Seq_Ctx.First'Old + and Seq_Ctx.Last = Seq_Ctx.Last'Old + and Field_First (Ctx, F_Options) = Field_First (Ctx, F_Options)'Old + and Field_Size (Ctx, F_Options) = Field_Size (Ctx, F_Options)'Old + and Context_Cursor (Ctx, F_Source_Port) = Context_Cursor (Ctx, F_Source_Port)'Old + and Context_Cursor (Ctx, F_Destination_Port) = Context_Cursor (Ctx, F_Destination_Port)'Old + and Context_Cursor (Ctx, F_Data_Offset) = Context_Cursor (Ctx, F_Data_Offset)'Old + and Context_Cursor (Ctx, F_CCVal) = Context_Cursor (Ctx, F_CCVal)'Old + and Context_Cursor (Ctx, F_CsCov) = Context_Cursor (Ctx, F_CsCov)'Old + and Context_Cursor (Ctx, F_Checksum) = Context_Cursor (Ctx, F_Checksum)'Old + and Context_Cursor (Ctx, F_Res_3) = Context_Cursor (Ctx, F_Res_3)'Old + and Context_Cursor (Ctx, F_Packet_Type) = Context_Cursor (Ctx, F_Packet_Type)'Old + and Context_Cursor (Ctx, F_X) = Context_Cursor (Ctx, F_X)'Old + and Context_Cursor (Ctx, F_Res_8) = Context_Cursor (Ctx, F_Res_8)'Old + and Context_Cursor (Ctx, F_Sequence_Number_Short) = Context_Cursor (Ctx, F_Sequence_Number_Short)'Old + and Context_Cursor (Ctx, F_Sequence_Number_Long) = Context_Cursor (Ctx, F_Sequence_Number_Long)'Old + and Context_Cursor (Ctx, F_Ack_Reserved_Short) = Context_Cursor (Ctx, F_Ack_Reserved_Short)'Old + and Context_Cursor (Ctx, F_Ack_Reserved_Long) = Context_Cursor (Ctx, F_Ack_Reserved_Long)'Old + and Context_Cursor (Ctx, F_Ack_Number_Short) = Context_Cursor (Ctx, F_Ack_Number_Short)'Old + and Context_Cursor (Ctx, F_Ack_Number_Long) = Context_Cursor (Ctx, F_Ack_Number_Long)'Old + and Context_Cursor (Ctx, F_Reset_Code) = Context_Cursor (Ctx, F_Reset_Code)'Old + and Context_Cursor (Ctx, F_Service_Code) = Context_Cursor (Ctx, F_Service_Code)'Old + and Context_Cursor (Ctx, F_Data_1) = Context_Cursor (Ctx, F_Data_1)'Old + and Context_Cursor (Ctx, F_Data_2) = Context_Cursor (Ctx, F_Data_2)'Old + and Context_Cursor (Ctx, F_Data_3) = Context_Cursor (Ctx, F_Data_3)'Old, + Depends => + (Ctx => (Ctx, Seq_Ctx), Seq_Ctx => Seq_Ctx); + + function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor with + Annotate => + (GNATprove, Inline_For_Proof), + Ghost; + + function Context_Cursors (Ctx : Context) return Field_Cursors with + Annotate => + (GNATprove, Inline_For_Proof), + Ghost; + + function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor with + Annotate => + (GNATprove, Inline_For_Proof), + Ghost; + +private + + type Cursor_State is (S_Valid, S_Well_Formed, S_Invalid, S_Incomplete); + + type Field_Cursor (State : Cursor_State := S_Invalid) is + record + Predecessor : Virtual_Field := F_Final; + case State is + when S_Valid | S_Well_Formed => + First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; + Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; + Value : RFLX_Types.Base_Integer := 0; + when S_Invalid | S_Incomplete => + null; + end case; + end record; + + type Field_Cursors is array (Virtual_Field) of Field_Cursor; + + function Well_Formed (Cursor : Field_Cursor) return Boolean is + (Cursor.State = S_Valid + or Cursor.State = S_Well_Formed); + + function Valid (Cursor : Field_Cursor) return Boolean is + (Cursor.State = S_Valid); + + function Invalid (Cursor : Field_Cursor) return Boolean is + (Cursor.State = S_Invalid + or Cursor.State = S_Incomplete); + + pragma Warnings (Off, """Buffer"" is not modified, could be of access constant type"); + + pragma Warnings (Off, "postcondition does not mention function result"); + + function Valid_Context (Buffer_First, Buffer_Last : RFLX_Types.Index; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Verified_Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length; Buffer : RFLX_Types.Bytes_Ptr; Cursors : Field_Cursors) return Boolean is + ((if Buffer /= null then Buffer'First = Buffer_First and Buffer'Last = Buffer_Last) + and then (RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last < RFLX_Types.Bit_Index'Last + and First rem RFLX_Types.Byte'Size = 1 + and Last rem RFLX_Types.Byte'Size = 0) + and then First - 1 <= Verified_Last + and then First - 1 <= Written_Last + and then Verified_Last <= Written_Last + and then Written_Last <= Last + and then First rem RFLX_Types.Byte'Size = 1 + and then Last rem RFLX_Types.Byte'Size = 0 + and then Verified_Last rem RFLX_Types.Byte'Size = 0 + and then Written_Last rem RFLX_Types.Byte'Size = 0 + and then (for all F in Field => + (if + Well_Formed (Cursors (F)) + then + Cursors (F).First >= First + and Cursors (F).Last <= Verified_Last + and Cursors (F).First <= Cursors (F).Last + 1 + and Valid_Value (F, Cursors (F).Value))) + and then ((if + Well_Formed (Cursors (F_Destination_Port)) + then + (Valid (Cursors (F_Source_Port)) + and then Cursors (F_Destination_Port).Predecessor = F_Source_Port)) + and then (if + Well_Formed (Cursors (F_Data_Offset)) + then + (Valid (Cursors (F_Destination_Port)) + and then Cursors (F_Data_Offset).Predecessor = F_Destination_Port)) + and then (if + Well_Formed (Cursors (F_CCVal)) + then + (Valid (Cursors (F_Data_Offset)) + and then Cursors (F_CCVal).Predecessor = F_Data_Offset)) + and then (if + Well_Formed (Cursors (F_CsCov)) + then + (Valid (Cursors (F_CCVal)) + and then Cursors (F_CsCov).Predecessor = F_CCVal)) + and then (if + Well_Formed (Cursors (F_Checksum)) + then + (Valid (Cursors (F_CsCov)) + and then Cursors (F_Checksum).Predecessor = F_CsCov)) + and then (if + Well_Formed (Cursors (F_Res_3)) + then + (Valid (Cursors (F_Checksum)) + and then Cursors (F_Res_3).Predecessor = F_Checksum)) + and then (if + Well_Formed (Cursors (F_Packet_Type)) + then + (Valid (Cursors (F_Res_3)) + and then Cursors (F_Packet_Type).Predecessor = F_Res_3)) + and then (if + Well_Formed (Cursors (F_X)) + then + (Valid (Cursors (F_Packet_Type)) + and then Cursors (F_X).Predecessor = F_Packet_Type)) + and then (if + Well_Formed (Cursors (F_Res_8)) + then + (Valid (Cursors (F_X)) + and then Cursors (F_Res_8).Predecessor = F_X + and then RFLX_Types.Base_Integer (Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)))) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Short)) + then + (Valid (Cursors (F_X)) + and then Cursors (F_Sequence_Number_Short).Predecessor = F_X + and then RFLX_Types.Base_Integer (Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)))) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Long)) + then + (Valid (Cursors (F_Res_8)) + and then Cursors (F_Sequence_Number_Long).Predecessor = F_Res_8)) + and then (if + Well_Formed (Cursors (F_Ack_Reserved_Short)) + then + (Valid (Cursors (F_Sequence_Number_Short)) + and then Cursors (F_Ack_Reserved_Short).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))))) + and then (if + Well_Formed (Cursors (F_Ack_Reserved_Long)) + then + (Valid (Cursors (F_Sequence_Number_Long)) + and then Cursors (F_Ack_Reserved_Long).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))))) + and then (if + Well_Formed (Cursors (F_Ack_Number_Short)) + then + (Valid (Cursors (F_Ack_Reserved_Short)) + and then Cursors (F_Ack_Number_Short).Predecessor = F_Ack_Reserved_Short)) + and then (if + Well_Formed (Cursors (F_Ack_Number_Long)) + then + (Valid (Cursors (F_Ack_Reserved_Long)) + and then Cursors (F_Ack_Number_Long).Predecessor = F_Ack_Reserved_Long)) + and then (if + Well_Formed (Cursors (F_Reset_Code)) + then + (Valid (Cursors (F_Ack_Number_Long)) + and then Cursors (F_Reset_Code).Predecessor = F_Ack_Number_Long + and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)))) + and then (if + Well_Formed (Cursors (F_Service_Code)) + then + (Valid (Cursors (F_Ack_Number_Long)) + and then Cursors (F_Service_Code).Predecessor = F_Ack_Number_Long + and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE))) + or (Valid (Cursors (F_Sequence_Number_Long)) + and then Cursors (F_Service_Code).Predecessor = F_Sequence_Number_Long + and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)))) + and then (if + Well_Formed (Cursors (F_Data_1)) + then + (Valid (Cursors (F_Reset_Code)) + and then Cursors (F_Data_1).Predecessor = F_Reset_Code)) + and then (if + Well_Formed (Cursors (F_Data_2)) + then + (Valid (Cursors (F_Data_1)) + and then Cursors (F_Data_2).Predecessor = F_Data_1)) + and then (if + Well_Formed (Cursors (F_Data_3)) + then + (Valid (Cursors (F_Data_2)) + and then Cursors (F_Data_3).Predecessor = F_Data_2)) + and then (if + Well_Formed (Cursors (F_Options)) + then + (Valid (Cursors (F_Ack_Number_Long)) + and then Cursors (F_Options).Predecessor = F_Ack_Number_Long + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Ack_Number_Short)) + and then Cursors (F_Options).Predecessor = F_Ack_Number_Short + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Data_3)) + and then Cursors (F_Options).Predecessor = F_Data_3 + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1) + or (Valid (Cursors (F_Sequence_Number_Long)) + and then Cursors (F_Options).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Sequence_Number_Short)) + and then Cursors (F_Options).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Service_Code)) + and then Cursors (F_Options).Predecessor = F_Service_Code + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1)) + and then (if + Well_Formed (Cursors (F_Data)) + then + (Valid (Cursors (F_Ack_Number_Long)) + and then Cursors (F_Data).Predecessor = F_Ack_Number_Long + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Ack_Number_Short)) + and then Cursors (F_Data).Predecessor = F_Ack_Number_Short + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Data_3)) + and then Cursors (F_Data).Predecessor = F_Data_3 + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1) + or (Well_Formed (Cursors (F_Options)) + and then Cursors (F_Data).Predecessor = F_Options) + or (Valid (Cursors (F_Sequence_Number_Long)) + and then Cursors (F_Data).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Sequence_Number_Short)) + and then Cursors (F_Data).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1)) + or (Valid (Cursors (F_Service_Code)) + and then Cursors (F_Data).Predecessor = F_Service_Code + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1))) + and then ((if Invalid (Cursors (F_Source_Port)) then Invalid (Cursors (F_Destination_Port))) + and then (if Invalid (Cursors (F_Destination_Port)) then Invalid (Cursors (F_Data_Offset))) + and then (if Invalid (Cursors (F_Data_Offset)) then Invalid (Cursors (F_CCVal))) + and then (if Invalid (Cursors (F_CCVal)) then Invalid (Cursors (F_CsCov))) + and then (if Invalid (Cursors (F_CsCov)) then Invalid (Cursors (F_Checksum))) + and then (if Invalid (Cursors (F_Checksum)) then Invalid (Cursors (F_Res_3))) + and then (if Invalid (Cursors (F_Res_3)) then Invalid (Cursors (F_Packet_Type))) + and then (if Invalid (Cursors (F_Packet_Type)) then Invalid (Cursors (F_X))) + and then (if Invalid (Cursors (F_X)) then Invalid (Cursors (F_Res_8))) + and then (if Invalid (Cursors (F_X)) then Invalid (Cursors (F_Sequence_Number_Short))) + and then (if Invalid (Cursors (F_Res_8)) then Invalid (Cursors (F_Sequence_Number_Long))) + and then (if Invalid (Cursors (F_Sequence_Number_Short)) then Invalid (Cursors (F_Ack_Reserved_Short))) + and then (if Invalid (Cursors (F_Sequence_Number_Long)) then Invalid (Cursors (F_Ack_Reserved_Long))) + and then (if Invalid (Cursors (F_Ack_Reserved_Short)) then Invalid (Cursors (F_Ack_Number_Short))) + and then (if Invalid (Cursors (F_Ack_Reserved_Long)) then Invalid (Cursors (F_Ack_Number_Long))) + and then (if Invalid (Cursors (F_Ack_Number_Long)) then Invalid (Cursors (F_Reset_Code))) + and then (if + Invalid (Cursors (F_Ack_Number_Long)) + and then Invalid (Cursors (F_Sequence_Number_Long)) + then + Invalid (Cursors (F_Service_Code))) + and then (if Invalid (Cursors (F_Reset_Code)) then Invalid (Cursors (F_Data_1))) + and then (if Invalid (Cursors (F_Data_1)) then Invalid (Cursors (F_Data_2))) + and then (if Invalid (Cursors (F_Data_2)) then Invalid (Cursors (F_Data_3))) + and then (if + Invalid (Cursors (F_Ack_Number_Long)) + and then Invalid (Cursors (F_Ack_Number_Short)) + and then Invalid (Cursors (F_Data_3)) + and then Invalid (Cursors (F_Sequence_Number_Long)) + and then Invalid (Cursors (F_Sequence_Number_Short)) + and then Invalid (Cursors (F_Service_Code)) + then + Invalid (Cursors (F_Options))) + and then (if + Invalid (Cursors (F_Ack_Number_Long)) + and then Invalid (Cursors (F_Ack_Number_Short)) + and then Invalid (Cursors (F_Data_3)) + and then Invalid (Cursors (F_Options)) + and then Invalid (Cursors (F_Sequence_Number_Long)) + and then Invalid (Cursors (F_Sequence_Number_Short)) + and then Invalid (Cursors (F_Service_Code)) + then + Invalid (Cursors (F_Data)))) + and then ((if + Well_Formed (Cursors (F_Source_Port)) + then + (Cursors (F_Source_Port).Last - Cursors (F_Source_Port).First + 1 = 16 + and then Cursors (F_Source_Port).Predecessor = F_Initial + and then Cursors (F_Source_Port).First = First)) + and then (if + Well_Formed (Cursors (F_Destination_Port)) + then + (Cursors (F_Destination_Port).Last - Cursors (F_Destination_Port).First + 1 = 16 + and then Cursors (F_Destination_Port).Predecessor = F_Source_Port + and then Cursors (F_Destination_Port).First = Cursors (F_Source_Port).Last + 1)) + and then (if + Well_Formed (Cursors (F_Data_Offset)) + then + (Cursors (F_Data_Offset).Last - Cursors (F_Data_Offset).First + 1 = 8 + and then Cursors (F_Data_Offset).Predecessor = F_Destination_Port + and then Cursors (F_Data_Offset).First = Cursors (F_Destination_Port).Last + 1)) + and then (if + Well_Formed (Cursors (F_CCVal)) + then + (Cursors (F_CCVal).Last - Cursors (F_CCVal).First + 1 = 4 + and then Cursors (F_CCVal).Predecessor = F_Data_Offset + and then Cursors (F_CCVal).First = Cursors (F_Data_Offset).Last + 1)) + and then (if + Well_Formed (Cursors (F_CsCov)) + then + (Cursors (F_CsCov).Last - Cursors (F_CsCov).First + 1 = 4 + and then Cursors (F_CsCov).Predecessor = F_CCVal + and then Cursors (F_CsCov).First = Cursors (F_CCVal).Last + 1)) + and then (if + Well_Formed (Cursors (F_Checksum)) + then + (Cursors (F_Checksum).Last - Cursors (F_Checksum).First + 1 = 16 + and then Cursors (F_Checksum).Predecessor = F_CsCov + and then Cursors (F_Checksum).First = Cursors (F_CsCov).Last + 1)) + and then (if + Well_Formed (Cursors (F_Res_3)) + then + (Cursors (F_Res_3).Last - Cursors (F_Res_3).First + 1 = 3 + and then Cursors (F_Res_3).Predecessor = F_Checksum + and then Cursors (F_Res_3).First = Cursors (F_Checksum).Last + 1)) + and then (if + Well_Formed (Cursors (F_Packet_Type)) + then + (Cursors (F_Packet_Type).Last - Cursors (F_Packet_Type).First + 1 = 4 + and then Cursors (F_Packet_Type).Predecessor = F_Res_3 + and then Cursors (F_Packet_Type).First = Cursors (F_Res_3).Last + 1)) + and then (if + Well_Formed (Cursors (F_X)) + then + (Cursors (F_X).Last - Cursors (F_X).First + 1 = 1 + and then Cursors (F_X).Predecessor = F_Packet_Type + and then Cursors (F_X).First = Cursors (F_Packet_Type).Last + 1)) + and then (if + Well_Formed (Cursors (F_Res_8)) + then + (Cursors (F_Res_8).Last - Cursors (F_Res_8).First + 1 = 8 + and then Cursors (F_Res_8).Predecessor = F_X + and then Cursors (F_Res_8).First = Cursors (F_X).Last + 1)) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Short)) + then + (Cursors (F_Sequence_Number_Short).Last - Cursors (F_Sequence_Number_Short).First + 1 = 24 + and then Cursors (F_Sequence_Number_Short).Predecessor = F_X + and then Cursors (F_Sequence_Number_Short).First = Cursors (F_X).Last + 1)) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Long)) + then + (Cursors (F_Sequence_Number_Long).Last - Cursors (F_Sequence_Number_Long).First + 1 = 48 + and then Cursors (F_Sequence_Number_Long).Predecessor = F_Res_8 + and then Cursors (F_Sequence_Number_Long).First = Cursors (F_Res_8).Last + 1)) + and then (if + Well_Formed (Cursors (F_Ack_Reserved_Short)) + then + (Cursors (F_Ack_Reserved_Short).Last - Cursors (F_Ack_Reserved_Short).First + 1 = 8 + and then Cursors (F_Ack_Reserved_Short).Predecessor = F_Sequence_Number_Short + and then Cursors (F_Ack_Reserved_Short).First = Cursors (F_Sequence_Number_Short).Last + 1)) + and then (if + Well_Formed (Cursors (F_Ack_Reserved_Long)) + then + (Cursors (F_Ack_Reserved_Long).Last - Cursors (F_Ack_Reserved_Long).First + 1 = 16 + and then Cursors (F_Ack_Reserved_Long).Predecessor = F_Sequence_Number_Long + and then Cursors (F_Ack_Reserved_Long).First = Cursors (F_Sequence_Number_Long).Last + 1)) + and then (if + Well_Formed (Cursors (F_Ack_Number_Short)) + then + (Cursors (F_Ack_Number_Short).Last - Cursors (F_Ack_Number_Short).First + 1 = 24 + and then Cursors (F_Ack_Number_Short).Predecessor = F_Ack_Reserved_Short + and then Cursors (F_Ack_Number_Short).First = Cursors (F_Ack_Reserved_Short).Last + 1)) + and then (if + Well_Formed (Cursors (F_Ack_Number_Long)) + then + (Cursors (F_Ack_Number_Long).Last - Cursors (F_Ack_Number_Long).First + 1 = 48 + and then Cursors (F_Ack_Number_Long).Predecessor = F_Ack_Reserved_Long + and then Cursors (F_Ack_Number_Long).First = Cursors (F_Ack_Reserved_Long).Last + 1)) + and then (if + Well_Formed (Cursors (F_Reset_Code)) + then + (Cursors (F_Reset_Code).Last - Cursors (F_Reset_Code).First + 1 = 8 + and then Cursors (F_Reset_Code).Predecessor = F_Ack_Number_Long + and then Cursors (F_Reset_Code).First = Cursors (F_Ack_Number_Long).Last + 1)) + and then (if + Well_Formed (Cursors (F_Service_Code)) + then + (if + Well_Formed (Cursors (F_Ack_Number_Long)) + and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)) + then + Cursors (F_Service_Code).Last - Cursors (F_Service_Code).First + 1 = 32 + and then Cursors (F_Service_Code).Predecessor = F_Ack_Number_Long + and then Cursors (F_Service_Code).First = Cursors (F_Ack_Number_Long).Last + 1) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Long)) + and then RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)) + then + Cursors (F_Service_Code).Last - Cursors (F_Service_Code).First + 1 = 32 + and then Cursors (F_Service_Code).Predecessor = F_Sequence_Number_Long + and then Cursors (F_Service_Code).First = Cursors (F_Sequence_Number_Long).Last + 1)) + and then (if + Well_Formed (Cursors (F_Data_1)) + then + (Cursors (F_Data_1).Last - Cursors (F_Data_1).First + 1 = 8 + and then Cursors (F_Data_1).Predecessor = F_Reset_Code + and then Cursors (F_Data_1).First = Cursors (F_Reset_Code).Last + 1)) + and then (if + Well_Formed (Cursors (F_Data_2)) + then + (Cursors (F_Data_2).Last - Cursors (F_Data_2).First + 1 = 8 + and then Cursors (F_Data_2).Predecessor = F_Data_1 + and then Cursors (F_Data_2).First = Cursors (F_Data_1).Last + 1)) + and then (if + Well_Formed (Cursors (F_Data_3)) + then + (Cursors (F_Data_3).Last - Cursors (F_Data_3).First + 1 = 8 + and then Cursors (F_Data_3).Predecessor = F_Data_2 + and then Cursors (F_Data_3).First = Cursors (F_Data_2).Last + 1)) + and then (if + Well_Formed (Cursors (F_Options)) + then + (if + Well_Formed (Cursors (F_Ack_Number_Long)) + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Long).Last)) + RFLX_Types.Bit_Length (First) - 1) + and then Cursors (F_Options).Predecessor = F_Ack_Number_Long + and then Cursors (F_Options).First = Cursors (F_Ack_Number_Long).Last + 1) + and then (if + Well_Formed (Cursors (F_Ack_Number_Short)) + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Short).Last)) + RFLX_Types.Bit_Length (First) - 1) + and then Cursors (F_Options).Predecessor = F_Ack_Number_Short + and then Cursors (F_Options).First = Cursors (F_Ack_Number_Short).Last + 1) + and then (if + Well_Formed (Cursors (F_Data_3)) + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1 + then + Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Data_3).Last)) + RFLX_Types.Bit_Length (First) - 1) + and then Cursors (F_Options).Predecessor = F_Data_3 + and then Cursors (F_Options).First = Cursors (F_Data_3).Last + 1) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Long)) + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Long).Last)) + RFLX_Types.Bit_Length (First) - 1) + and then Cursors (F_Options).Predecessor = F_Sequence_Number_Long + and then Cursors (F_Options).First = Cursors (F_Sequence_Number_Long).Last + 1) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Short)) + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Short).Last)) + RFLX_Types.Bit_Length (First) - 1) + and then Cursors (F_Options).Predecessor = F_Sequence_Number_Short + and then Cursors (F_Options).First = Cursors (F_Sequence_Number_Short).Last + 1) + and then (if + Well_Formed (Cursors (F_Service_Code)) + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1 + then + Cursors (F_Options).Last - Cursors (F_Options).First + 1 = RFLX_Types.Bit_Length (Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Cursors (F_Service_Code).Last)) + RFLX_Types.Bit_Length (First) - 1) + and then Cursors (F_Options).Predecessor = F_Service_Code + and then Cursors (F_Options).First = Cursors (F_Service_Code).Last + 1)) + and then (if + Well_Formed (Cursors (F_Data)) + then + (if + Well_Formed (Cursors (F_Ack_Number_Long)) + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Long).Last) + and then Cursors (F_Data).Predecessor = F_Ack_Number_Long + and then Cursors (F_Data).First = Cursors (F_Ack_Number_Long).Last + 1) + and then (if + Well_Formed (Cursors (F_Ack_Number_Short)) + and then ((RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Ack_Number_Short).Last) + and then Cursors (F_Data).Predecessor = F_Ack_Number_Short + and then Cursors (F_Data).First = Cursors (F_Ack_Number_Short).Last + 1) + and then (if + Well_Formed (Cursors (F_Data_3)) + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (First) + 1 + then + Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Data_3).Last) + and then Cursors (F_Data).Predecessor = F_Data_3 + and then Cursors (F_Data).First = Cursors (F_Data_3).Last + 1) + and then (if + Well_Formed (Cursors (F_Options)) + and then True + then + Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Options).Last) + and then Cursors (F_Data).Predecessor = F_Options + and then Cursors (F_Data).First = Cursors (F_Options).Last + 1) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Long)) + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Long).Last) + and then Cursors (F_Data).Predecessor = F_Sequence_Number_Long + and then Cursors (F_Data).First = Cursors (F_Sequence_Number_Long).Last + 1) + and then (if + Well_Formed (Cursors (F_Sequence_Number_Short)) + and then (RFLX_Types.Base_Integer (Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (First) + 1) + then + Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Sequence_Number_Short).Last) + and then Cursors (F_Data).Predecessor = F_Sequence_Number_Short + and then Cursors (F_Data).First = Cursors (F_Sequence_Number_Short).Last + 1) + and then (if + Well_Formed (Cursors (F_Service_Code)) + and then RFLX_Types.Base_Integer (Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (First) + 1 + then + Cursors (F_Data).Last - Cursors (F_Data).First + 1 = RFLX_Types.Bit_Length (Written_Last) - RFLX_Types.Bit_Length (Cursors (F_Service_Code).Last) + and then Cursors (F_Data).Predecessor = F_Service_Code + and then Cursors (F_Data).First = Cursors (F_Service_Code).Last + 1)))) + with + Post => + True; + + pragma Warnings (On, """Buffer"" is not modified, could be of access constant type"); + + pragma Warnings (On, "postcondition does not mention function result"); + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is + record + Verified_Last : RFLX_Types.Bit_Length := First - 1; + Written_Last : RFLX_Types.Bit_Length := First - 1; + Buffer : RFLX_Types.Bytes_Ptr := null; + Cursors : Field_Cursors := (others => (State => S_Invalid, Predecessor => F_Final)); + end record with + Dynamic_Predicate => + Valid_Context (Context.Buffer_First, Context.Buffer_Last, Context.First, Context.Last, Context.Verified_Last, Context.Written_Last, Context.Buffer, Context.Cursors); + + function Initialized (Ctx : Context) return Boolean is + (Ctx.Verified_Last = Ctx.First - 1 + and then Valid_Next (Ctx, F_Source_Port) + and then RFLX.DCCP.Packet.Field_First (Ctx, RFLX.DCCP.Packet.F_Source_Port) rem RFLX_Types.Byte'Size = 1 + and then Available_Space (Ctx, F_Source_Port) = Ctx.Last - Ctx.First + 1 + and then (for all F in Field => + Invalid (Ctx, F))); + + function Has_Buffer (Ctx : Context) return Boolean is + (Ctx.Buffer /= null); + + function Buffer_Length (Ctx : Context) return RFLX_Types.Length is + (Ctx.Buffer'Length); + + function Size (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Verified_Last - Ctx.First + 1); + + function Byte_Size (Ctx : Context) return RFLX_Types.Length is + (RFLX_Types.To_Length (Size (Ctx))); + + function Message_Last (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Verified_Last); + + function Written_Last (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Written_Last); + + function Valid_Value (Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is + ((case Fld is + when F_Source_Port | F_Destination_Port => + RFLX.DCCP.Valid_Port_Type (Val), + when F_Data_Offset => + RFLX.DCCP.Valid_Data_Offset_Type (Val), + when F_CCVal => + RFLX.DCCP.Valid_CCVal_Type (Val), + when F_CsCov => + RFLX.DCCP.Valid_Checksum_Coverage_Type (Val), + when F_Checksum => + RFLX.DCCP.Valid_Checksum_Type (Val), + when F_Res_3 => + RFLX.DCCP.Valid_Reserved_3_Type (Val), + when F_Packet_Type => + RFLX.DCCP.Valid_Type_Field (Val), + when F_X => + RFLX.DCCP.Valid_Ext_Seq_Type (Val), + when F_Res_8 => + RFLX.DCCP.Valid_Reserved_8_Type (Val), + when F_Sequence_Number_Short => + RFLX.DCCP.Valid_Sequence_Number_Short_Type (Val), + when F_Sequence_Number_Long => + RFLX.DCCP.Valid_Sequence_Number_Long_Type (Val), + when F_Ack_Reserved_Short => + RFLX.DCCP.Valid_Reserved_8_Type (Val), + when F_Ack_Reserved_Long => + RFLX.DCCP.Valid_Reserved_16_Type (Val), + when F_Ack_Number_Short => + RFLX.DCCP.Valid_Ack_Number_Short_Type (Val), + when F_Ack_Number_Long => + RFLX.DCCP.Valid_Ack_Number_Long_Type (Val), + when F_Reset_Code => + RFLX.DCCP.Valid_Reset_Code_Type (Val), + when F_Service_Code => + RFLX.DCCP.Valid_Service_Code_Type (Val), + when F_Data_1 | F_Data_2 | F_Data_3 => + RFLX.DCCP.Valid_Data_Type (Val), + when F_Options | F_Data => + True)); + + function Path_Condition (Ctx : Context; Fld : Field) return Boolean is + ((case Ctx.Cursors (Fld).Predecessor is + when F_Initial | F_Source_Port | F_Destination_Port | F_Data_Offset | F_CCVal | F_CsCov | F_Checksum | F_Res_3 | F_Packet_Type | F_Res_8 | F_Ack_Reserved_Short | F_Ack_Reserved_Long | F_Reset_Code | F_Data_1 | F_Data_2 | F_Options | F_Data | F_Final => + True, + when F_X => + (case Fld is + when F_Res_8 => + RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)), + when F_Sequence_Number_Short => + RFLX_Types.Base_Integer (Ctx.Cursors (F_X).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)), + when others => + False), + when F_Sequence_Number_Short => + (case Fld is + when F_Ack_Reserved_Short => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), + when F_Data => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Options => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when others => + False), + when F_Sequence_Number_Long => + (case Fld is + when F_Ack_Reserved_Long => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), + when F_Data => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Options => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Service_Code => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), + when others => + False), + when F_Ack_Number_Short => + (case Fld is + when F_Data => + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Options => + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when others => + False), + when F_Ack_Number_Long => + (case Fld is + when F_Data => + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Options => + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Reset_Code => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)), + when F_Service_Code => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)), + when others => + False), + when F_Service_Code => + (case Fld is + when F_Data => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Options => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when others => + False), + when F_Data_3 => + (case Fld is + when F_Data => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Options => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when others => + False))); + + function Field_Condition (Ctx : Context; Fld : Field; Val : RFLX_Types.Base_Integer) return Boolean is + ((case Fld is + when F_Source_Port | F_Destination_Port | F_Data_Offset | F_CCVal | F_CsCov | F_Checksum | F_Res_3 | F_Packet_Type => + True, + when F_X => + Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.EXTENDED)) + or Val = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.NOT_EXTENDED)), + when F_Res_8 => + True, + when F_Sequence_Number_Short => + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))) + or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1) + or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1), + when F_Sequence_Number_Long => + (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) /= RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST))) + or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) + or (RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Sequence_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_REQUEST)), + when F_Ack_Reserved_Short | F_Ack_Reserved_Long => + True, + when F_Ack_Number_Short => + ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1) + or ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Short)) - RFLX_Types.Base_Integer (Ctx.First) + 1), + when F_Ack_Number_Long => + ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) + or ((RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Ack_Number_Long)) - RFLX_Types.Base_Integer (Ctx.First) + 1) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESET)) + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Base_Integer (To_Base_Integer (RFLX.DCCP.DCCP_RESPONSE)), + when F_Reset_Code => + True, + when F_Service_Code => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Service_Code)) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Data_1 | F_Data_2 => + True, + when F_Data_3 => + RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1 + or RFLX_Types.Base_Integer (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Base_Integer (Field_Last (Ctx, F_Data_3)) - RFLX_Types.Base_Integer (Ctx.First) + 1, + when F_Options | F_Data => + True)); + + function Field_Size (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is + ((case Fld is + when F_Source_Port | F_Destination_Port => + 16, + when F_Data_Offset => + 8, + when F_CCVal | F_CsCov => + 4, + when F_Checksum => + 16, + when F_Res_3 => + 3, + when F_Packet_Type => + 4, + when F_X => + 1, + when F_Res_8 => + 8, + when F_Sequence_Number_Short => + 24, + when F_Sequence_Number_Long => + 48, + when F_Ack_Reserved_Short => + 8, + when F_Ack_Reserved_Long => + 16, + when F_Ack_Number_Short => + 24, + when F_Ack_Number_Long => + 48, + when F_Reset_Code => + 8, + when F_Service_Code => + 32, + when F_Data_1 | F_Data_2 | F_Data_3 => + 8, + when F_Options => + (if + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Data_3 + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + elsif + Ctx.Cursors (Fld).Predecessor = F_Service_Code + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 > RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 + ((-RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last)) + RFLX_Types.Bit_Length (Ctx.First) - 1) + else + RFLX_Types.Unreachable), + when F_Data => + (if + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Data_3 + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Options + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Options).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) + elsif + Ctx.Cursors (Fld).Predecessor = F_Service_Code + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + RFLX_Types.Bit_Length (Ctx.Written_Last) - RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) + else + RFLX_Types.Unreachable))); + + function Field_First (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Index is + ((if Fld = F_Source_Port then Ctx.First else Ctx.Cursors (Ctx.Cursors (Fld).Predecessor).Last + 1)); + + function Field_Last (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is + (Field_First (Ctx, Fld) + Field_Size (Ctx, Fld) - 1); + + function Predecessor (Ctx : Context; Fld : Virtual_Field) return Virtual_Field is + ((case Fld is + when F_Initial => + F_Initial, + when others => + Ctx.Cursors (Fld).Predecessor)); + + function Valid_Predecessor (Ctx : Context; Fld : Virtual_Field) return Boolean is + ((case Fld is + when F_Initial => + True, + when F_Source_Port => + Ctx.Cursors (Fld).Predecessor = F_Initial, + when F_Destination_Port => + (Valid (Ctx.Cursors (F_Source_Port)) + and Ctx.Cursors (Fld).Predecessor = F_Source_Port), + when F_Data_Offset => + (Valid (Ctx.Cursors (F_Destination_Port)) + and Ctx.Cursors (Fld).Predecessor = F_Destination_Port), + when F_CCVal => + (Valid (Ctx.Cursors (F_Data_Offset)) + and Ctx.Cursors (Fld).Predecessor = F_Data_Offset), + when F_CsCov => + (Valid (Ctx.Cursors (F_CCVal)) + and Ctx.Cursors (Fld).Predecessor = F_CCVal), + when F_Checksum => + (Valid (Ctx.Cursors (F_CsCov)) + and Ctx.Cursors (Fld).Predecessor = F_CsCov), + when F_Res_3 => + (Valid (Ctx.Cursors (F_Checksum)) + and Ctx.Cursors (Fld).Predecessor = F_Checksum), + when F_Packet_Type => + (Valid (Ctx.Cursors (F_Res_3)) + and Ctx.Cursors (Fld).Predecessor = F_Res_3), + when F_X => + (Valid (Ctx.Cursors (F_Packet_Type)) + and Ctx.Cursors (Fld).Predecessor = F_Packet_Type), + when F_Res_8 | F_Sequence_Number_Short => + (Valid (Ctx.Cursors (F_X)) + and Ctx.Cursors (Fld).Predecessor = F_X), + when F_Sequence_Number_Long => + (Valid (Ctx.Cursors (F_Res_8)) + and Ctx.Cursors (Fld).Predecessor = F_Res_8), + when F_Ack_Reserved_Short => + (Valid (Ctx.Cursors (F_Sequence_Number_Short)) + and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short), + when F_Ack_Reserved_Long => + (Valid (Ctx.Cursors (F_Sequence_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long), + when F_Ack_Number_Short => + (Valid (Ctx.Cursors (F_Ack_Reserved_Short)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Reserved_Short), + when F_Ack_Number_Long => + (Valid (Ctx.Cursors (F_Ack_Reserved_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Reserved_Long), + when F_Reset_Code => + (Valid (Ctx.Cursors (F_Ack_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long), + when F_Service_Code => + (Valid (Ctx.Cursors (F_Ack_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long) + or (Valid (Ctx.Cursors (F_Sequence_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long), + when F_Data_1 => + (Valid (Ctx.Cursors (F_Reset_Code)) + and Ctx.Cursors (Fld).Predecessor = F_Reset_Code), + when F_Data_2 => + (Valid (Ctx.Cursors (F_Data_1)) + and Ctx.Cursors (Fld).Predecessor = F_Data_1), + when F_Data_3 => + (Valid (Ctx.Cursors (F_Data_2)) + and Ctx.Cursors (Fld).Predecessor = F_Data_2), + when F_Options => + (Valid (Ctx.Cursors (F_Ack_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long) + or (Valid (Ctx.Cursors (F_Ack_Number_Short)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short) + or (Valid (Ctx.Cursors (F_Data_3)) + and Ctx.Cursors (Fld).Predecessor = F_Data_3) + or (Valid (Ctx.Cursors (F_Sequence_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long) + or (Valid (Ctx.Cursors (F_Sequence_Number_Short)) + and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short) + or (Valid (Ctx.Cursors (F_Service_Code)) + and Ctx.Cursors (Fld).Predecessor = F_Service_Code), + when F_Data => + (Valid (Ctx.Cursors (F_Ack_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long) + or (Valid (Ctx.Cursors (F_Ack_Number_Short)) + and Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short) + or (Valid (Ctx.Cursors (F_Data_3)) + and Ctx.Cursors (Fld).Predecessor = F_Data_3) + or (Well_Formed (Ctx.Cursors (F_Options)) + and Ctx.Cursors (Fld).Predecessor = F_Options) + or (Valid (Ctx.Cursors (F_Sequence_Number_Long)) + and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long) + or (Valid (Ctx.Cursors (F_Sequence_Number_Short)) + and Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short) + or (Valid (Ctx.Cursors (F_Service_Code)) + and Ctx.Cursors (Fld).Predecessor = F_Service_Code), + when F_Final => + (Well_Formed (Ctx.Cursors (F_Data)) + and Ctx.Cursors (Fld).Predecessor = F_Data))); + + function Valid_Next (Ctx : Context; Fld : Field) return Boolean is + (Valid_Predecessor (Ctx, Fld) + and then Path_Condition (Ctx, Fld)); + + function Available_Space (Ctx : Context; Fld : Field) return RFLX_Types.Bit_Length is + (Ctx.Last - Field_First (Ctx, Fld) + 1); + + function Sufficient_Space (Ctx : Context; Fld : Field) return Boolean is + (Available_Space (Ctx, Fld) >= Field_Size (Ctx, Fld)); + + function Present (Ctx : Context; Fld : Field) return Boolean is + (Well_Formed (Ctx.Cursors (Fld)) + and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); + + function Well_Formed (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Valid + or Ctx.Cursors (Fld).State = S_Well_Formed); + + function Valid (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Valid + and then Ctx.Cursors (Fld).First < Ctx.Cursors (Fld).Last + 1); + + function Incomplete (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Incomplete); + + function Invalid (Ctx : Context; Fld : Field) return Boolean is + (Ctx.Cursors (Fld).State = S_Invalid + or Ctx.Cursors (Fld).State = S_Incomplete); + + function Well_Formed_Message (Ctx : Context) return Boolean is + (Well_Formed (Ctx, F_Data)); + + function Valid_Message (Ctx : Context) return Boolean is + (Valid (Ctx, F_Data)); + + function Incomplete_Message (Ctx : Context) return Boolean is + ((for some F in Field => + Incomplete (Ctx, F))); + + function Get_Source_Port (Ctx : Context) return RFLX.DCCP.Port_Type is + (To_Actual (Ctx.Cursors (F_Source_Port).Value)); + + function Get_Destination_Port (Ctx : Context) return RFLX.DCCP.Port_Type is + (To_Actual (Ctx.Cursors (F_Destination_Port).Value)); + + function Get_Data_Offset (Ctx : Context) return RFLX.DCCP.Data_Offset_Type is + (To_Actual (Ctx.Cursors (F_Data_Offset).Value)); + + function Get_CCVal (Ctx : Context) return RFLX.DCCP.CCVal_Type is + (To_Actual (Ctx.Cursors (F_CCVal).Value)); + + function Get_CsCov (Ctx : Context) return RFLX.DCCP.Checksum_Coverage_Type is + (To_Actual (Ctx.Cursors (F_CsCov).Value)); + + function Get_Checksum (Ctx : Context) return RFLX.DCCP.Checksum_Type is + (To_Actual (Ctx.Cursors (F_Checksum).Value)); + + function Get_Res_3 (Ctx : Context) return RFLX.DCCP.Reserved_3_Type is + (To_Actual (Ctx.Cursors (F_Res_3).Value)); + + function Get_Packet_Type (Ctx : Context) return RFLX.DCCP.Type_Field is + (To_Actual (Ctx.Cursors (F_Packet_Type).Value)); + + function Get_X (Ctx : Context) return RFLX.DCCP.Ext_Seq_Type is + (To_Actual (Ctx.Cursors (F_X).Value)); + + function Get_Res_8 (Ctx : Context) return RFLX.DCCP.Reserved_8_Type is + (To_Actual (Ctx.Cursors (F_Res_8).Value)); + + function Get_Sequence_Number_Short (Ctx : Context) return RFLX.DCCP.Sequence_Number_Short_Type is + (To_Actual (Ctx.Cursors (F_Sequence_Number_Short).Value)); + + function Get_Sequence_Number_Long (Ctx : Context) return RFLX.DCCP.Sequence_Number_Long_Type is + (To_Actual (Ctx.Cursors (F_Sequence_Number_Long).Value)); + + function Get_Ack_Reserved_Short (Ctx : Context) return RFLX.DCCP.Reserved_8_Type is + (To_Actual (Ctx.Cursors (F_Ack_Reserved_Short).Value)); + + function Get_Ack_Reserved_Long (Ctx : Context) return RFLX.DCCP.Reserved_16_Type is + (To_Actual (Ctx.Cursors (F_Ack_Reserved_Long).Value)); + + function Get_Ack_Number_Short (Ctx : Context) return RFLX.DCCP.Ack_Number_Short_Type is + (To_Actual (Ctx.Cursors (F_Ack_Number_Short).Value)); + + function Get_Ack_Number_Long (Ctx : Context) return RFLX.DCCP.Ack_Number_Long_Type is + (To_Actual (Ctx.Cursors (F_Ack_Number_Long).Value)); + + function Get_Reset_Code (Ctx : Context) return RFLX.DCCP.Reset_Code_Type is + (To_Actual (Ctx.Cursors (F_Reset_Code).Value)); + + function Get_Service_Code (Ctx : Context) return RFLX.DCCP.Service_Code_Type is + (To_Actual (Ctx.Cursors (F_Service_Code).Value)); + + function Get_Data_1 (Ctx : Context) return RFLX.DCCP.Data_Type is + (To_Actual (Ctx.Cursors (F_Data_1).Value)); + + function Get_Data_2 (Ctx : Context) return RFLX.DCCP.Data_Type is + (To_Actual (Ctx.Cursors (F_Data_2).Value)); + + function Get_Data_3 (Ctx : Context) return RFLX.DCCP.Data_Type is + (To_Actual (Ctx.Cursors (F_Data_3).Value)); + + function Valid_Size (Ctx : Context; Fld : Field; Size : RFLX_Types.Bit_Length) return Boolean is + ((if + Fld = F_Data + and then Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Long + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNCACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_SYNC)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + Size <= Available_Space (Ctx, Fld) + elsif + Fld = F_Data + and then Ctx.Cursors (Fld).Predecessor = F_Ack_Number_Short + and then ((RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSEREQ)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_CLOSE)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_ACK)) + or RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA_ACK))) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Ack_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + Size <= Available_Space (Ctx, Fld) + elsif + Fld = F_Data + and then Ctx.Cursors (Fld).Predecessor = F_Data_3 + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_3).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + Size <= Available_Space (Ctx, Fld) + elsif + Fld = F_Data + and then Ctx.Cursors (Fld).Predecessor = F_Options + then + Size <= Available_Space (Ctx, Fld) + elsif + Fld = F_Data + and then Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Long + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Long).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + Size <= Available_Space (Ctx, Fld) + elsif + Fld = F_Data + and then Ctx.Cursors (Fld).Predecessor = F_Sequence_Number_Short + and then (RFLX_Types.Bit_Length (Ctx.Cursors (F_Packet_Type).Value) = RFLX_Types.Bit_Length (To_Base_Integer (RFLX.DCCP.DCCP_DATA)) + and RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Sequence_Number_Short).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1) + then + Size <= Available_Space (Ctx, Fld) + elsif + Fld = F_Data + and then Ctx.Cursors (Fld).Predecessor = F_Service_Code + and then RFLX_Types.Bit_Length (Ctx.Cursors (F_Data_Offset).Value) * 32 = RFLX_Types.Bit_Length (Ctx.Cursors (F_Service_Code).Last) - RFLX_Types.Bit_Length (Ctx.First) + 1 + then + Size <= Available_Space (Ctx, Fld) + else + Size = Field_Size (Ctx, Fld))) + with + Pre => + RFLX.DCCP.Packet.Valid_Next (Ctx, Fld); + + function Valid_Length (Ctx : Context; Fld : Field; Length : RFLX_Types.Length) return Boolean is + (Valid_Size (Ctx, Fld, RFLX_Types.To_Bit_Length (Length))); + + function Complete_Options (Ctx : Context; Seq_Ctx : RFLX.DCCP.Options.Context) return Boolean is + (RFLX.DCCP.Options.Valid (Seq_Ctx) + and RFLX.DCCP.Options.Size (Seq_Ctx) = Field_Size (Ctx, F_Options)); + + function Context_Cursor (Ctx : Context; Fld : Field) return Field_Cursor is + (Ctx.Cursors (Fld)); + + function Context_Cursors (Ctx : Context) return Field_Cursors is + (Ctx.Cursors); + + function Context_Cursors_Index (Cursors : Field_Cursors; Fld : Field) return Field_Cursor is + (Cursors (Fld)); + +end RFLX.DCCP.Packet; diff --git a/examples/apps/dccp/rflx/generated/rflx-dccp.ads b/examples/apps/dccp/rflx/generated/rflx-dccp.ads new file mode 100644 index 000000000..311a2d95a --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-dccp.ads @@ -0,0 +1,655 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma Warnings (Off, "redundant conversion"); +with RFLX.RFLX_Types; + +package RFLX.DCCP with + SPARK_Mode +is + + type Port_Type is range 0 .. 2**16 - 1 with + Size => + 16; + + use type RFLX.RFLX_Types.Base_Integer; + + function Valid_Port_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 65535); + + function To_Base_Integer (Val : RFLX.DCCP.Port_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Port_Type is + (RFLX.DCCP.Port_Type (Val)) + with + Pre => + Valid_Port_Type (Val); + + type Data_Offset_Type is range 3 .. 2**8 - 1 with + Size => + 8; + + function Valid_Data_Offset_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val >= 3 + and Val <= 255); + + function To_Base_Integer (Val : RFLX.DCCP.Data_Offset_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Data_Offset_Type is + (RFLX.DCCP.Data_Offset_Type (Val)) + with + Pre => + Valid_Data_Offset_Type (Val); + + type Checksum_Type is range 0 .. 2**16 - 1 with + Size => + 16; + + function Valid_Checksum_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 65535); + + function To_Base_Integer (Val : RFLX.DCCP.Checksum_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Checksum_Type is + (RFLX.DCCP.Checksum_Type (Val)) + with + Pre => + Valid_Checksum_Type (Val); + + type CCVal_Type is range 0 .. 2**4 - 1 with + Size => + 4; + + function Valid_CCVal_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 15); + + function To_Base_Integer (Val : RFLX.DCCP.CCVal_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.CCVal_Type is + (RFLX.DCCP.CCVal_Type (Val)) + with + Pre => + Valid_CCVal_Type (Val); + + type Checksum_Coverage_Type is range 0 .. 2**4 - 1 with + Size => + 4; + + function Valid_Checksum_Coverage_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 15); + + function To_Base_Integer (Val : RFLX.DCCP.Checksum_Coverage_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Checksum_Coverage_Type is + (RFLX.DCCP.Checksum_Coverage_Type (Val)) + with + Pre => + Valid_Checksum_Coverage_Type (Val); + + type Reserved_3_Type is range 0 .. 2**3 - 1 with + Size => + 3; + + function Valid_Reserved_3_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 7); + + function To_Base_Integer (Val : RFLX.DCCP.Reserved_3_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reserved_3_Type is + (RFLX.DCCP.Reserved_3_Type (Val)) + with + Pre => + Valid_Reserved_3_Type (Val); + + type Type_Field is (DCCP_REQUEST, DCCP_RESPONSE, DCCP_DATA, DCCP_ACK, DCCP_DATA_ACK, DCCP_CLOSEREQ, DCCP_CLOSE, DCCP_RESET, DCCP_SYNC, DCCP_SYNCACK) with + Size => + 4; + for Type_Field use (DCCP_REQUEST => 0, DCCP_RESPONSE => 1, DCCP_DATA => 2, DCCP_ACK => 3, DCCP_DATA_ACK => 4, DCCP_CLOSEREQ => 5, DCCP_CLOSE => 6, DCCP_RESET => 7, DCCP_SYNC => 8, DCCP_SYNCACK => 9); + + function Valid_Type_Field (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9); + + function To_Base_Integer (Enum : RFLX.DCCP.Type_Field) return RFLX.RFLX_Types.Base_Integer is + ((case Enum is + when DCCP_REQUEST => + 0, + when DCCP_RESPONSE => + 1, + when DCCP_DATA => + 2, + when DCCP_ACK => + 3, + when DCCP_DATA_ACK => + 4, + when DCCP_CLOSEREQ => + 5, + when DCCP_CLOSE => + 6, + when DCCP_RESET => + 7, + when DCCP_SYNC => + 8, + when DCCP_SYNCACK => + 9)); + + pragma Warnings (Off, "unreachable branch"); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Type_Field is + ((case Val is + when 0 => + DCCP_REQUEST, + when 1 => + DCCP_RESPONSE, + when 2 => + DCCP_DATA, + when 3 => + DCCP_ACK, + when 4 => + DCCP_DATA_ACK, + when 5 => + DCCP_CLOSEREQ, + when 6 => + DCCP_CLOSE, + when 7 => + DCCP_RESET, + when 8 => + DCCP_SYNC, + when 9 => + DCCP_SYNCACK, + when others => + RFLX.DCCP.Type_Field'Last)) + with + Pre => + Valid_Type_Field (Val); + + pragma Warnings (On, "unreachable branch"); + + type CsCov_Type is range 0 .. 2**4 - 1 with + Size => + 4; + + function Valid_CsCov_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 15); + + function To_Base_Integer (Val : RFLX.DCCP.CsCov_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.CsCov_Type is + (RFLX.DCCP.CsCov_Type (Val)) + with + Pre => + Valid_CsCov_Type (Val); + + type Ext_Seq_Type is (NOT_EXTENDED, EXTENDED) with + Size => + 1; + for Ext_Seq_Type use (NOT_EXTENDED => 0, EXTENDED => 1); + + function Valid_Ext_Seq_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val in 1 | 0); + + function To_Base_Integer (Enum : RFLX.DCCP.Ext_Seq_Type) return RFLX.RFLX_Types.Base_Integer is + ((case Enum is + when EXTENDED => + 1, + when NOT_EXTENDED => + 0)); + + pragma Warnings (Off, "unreachable branch"); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Ext_Seq_Type is + ((case Val is + when 1 => + EXTENDED, + when 0 => + NOT_EXTENDED, + when others => + RFLX.DCCP.Ext_Seq_Type'Last)) + with + Pre => + Valid_Ext_Seq_Type (Val); + + pragma Warnings (On, "unreachable branch"); + + type Sequence_Number_Long_Type is range 0 .. 2**48 - 1 with + Size => + 48; + + function Valid_Sequence_Number_Long_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 281474976710655); + + function To_Base_Integer (Val : RFLX.DCCP.Sequence_Number_Long_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Sequence_Number_Long_Type is + (RFLX.DCCP.Sequence_Number_Long_Type (Val)) + with + Pre => + Valid_Sequence_Number_Long_Type (Val); + + type Sequence_Number_Short_Type is range 0 .. 2**24 - 1 with + Size => + 24; + + function Valid_Sequence_Number_Short_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 16777215); + + function To_Base_Integer (Val : RFLX.DCCP.Sequence_Number_Short_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Sequence_Number_Short_Type is + (RFLX.DCCP.Sequence_Number_Short_Type (Val)) + with + Pre => + Valid_Sequence_Number_Short_Type (Val); + + type Reserved_8_Type is range 0 .. 2**8 - 1 with + Size => + 8; + + function Valid_Reserved_8_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 255); + + function To_Base_Integer (Val : RFLX.DCCP.Reserved_8_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reserved_8_Type is + (RFLX.DCCP.Reserved_8_Type (Val)) + with + Pre => + Valid_Reserved_8_Type (Val); + + type Reserved_16_Type is range 0 .. 2**16 - 1 with + Size => + 16; + + function Valid_Reserved_16_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 65535); + + function To_Base_Integer (Val : RFLX.DCCP.Reserved_16_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reserved_16_Type is + (RFLX.DCCP.Reserved_16_Type (Val)) + with + Pre => + Valid_Reserved_16_Type (Val); + + type Ack_Number_Long_Type is range 0 .. 2**48 - 1 with + Size => + 48; + + function Valid_Ack_Number_Long_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 281474976710655); + + function To_Base_Integer (Val : RFLX.DCCP.Ack_Number_Long_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Ack_Number_Long_Type is + (RFLX.DCCP.Ack_Number_Long_Type (Val)) + with + Pre => + Valid_Ack_Number_Long_Type (Val); + + type Ack_Number_Short_Type is range 0 .. 2**24 - 1 with + Size => + 24; + + function Valid_Ack_Number_Short_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 16777215); + + function To_Base_Integer (Val : RFLX.DCCP.Ack_Number_Short_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Ack_Number_Short_Type is + (RFLX.DCCP.Ack_Number_Short_Type (Val)) + with + Pre => + Valid_Ack_Number_Short_Type (Val); + + type Service_Code_Type is range 0 .. 2**32 - 1 with + Size => + 32; + + function Valid_Service_Code_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 4294967295); + + function To_Base_Integer (Val : RFLX.DCCP.Service_Code_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Service_Code_Type is + (RFLX.DCCP.Service_Code_Type (Val)) + with + Pre => + Valid_Service_Code_Type (Val); + + type Reset_Code_Type is (UNSPECIFIED, CLOSED, ABORTED, NO_CONNECTION, PACKET_ERROR, OPTION_ERROR, MANDATORY_ERROR, CONNECTION_REFUSED, BAD_SERVICE_CODE, TOO_BUSY, BAD_INIT_COOKIE, AGGRESSION_PENALTY) with + Size => + 8; + for Reset_Code_Type use (UNSPECIFIED => 0, CLOSED => 1, ABORTED => 2, NO_CONNECTION => 3, PACKET_ERROR => 4, OPTION_ERROR => 5, MANDATORY_ERROR => 6, CONNECTION_REFUSED => 7, BAD_SERVICE_CODE => 8, TOO_BUSY => 9, BAD_INIT_COOKIE => 10, AGGRESSION_PENALTY => 11); + + function Valid_Reset_Code_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11); + + function To_Base_Integer (Enum : RFLX.DCCP.Reset_Code_Type) return RFLX.RFLX_Types.Base_Integer is + ((case Enum is + when UNSPECIFIED => + 0, + when CLOSED => + 1, + when ABORTED => + 2, + when NO_CONNECTION => + 3, + when PACKET_ERROR => + 4, + when OPTION_ERROR => + 5, + when MANDATORY_ERROR => + 6, + when CONNECTION_REFUSED => + 7, + when BAD_SERVICE_CODE => + 8, + when TOO_BUSY => + 9, + when BAD_INIT_COOKIE => + 10, + when AGGRESSION_PENALTY => + 11)); + + pragma Warnings (Off, "unreachable branch"); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Reset_Code_Type is + ((case Val is + when 0 => + UNSPECIFIED, + when 1 => + CLOSED, + when 2 => + ABORTED, + when 3 => + NO_CONNECTION, + when 4 => + PACKET_ERROR, + when 5 => + OPTION_ERROR, + when 6 => + MANDATORY_ERROR, + when 7 => + CONNECTION_REFUSED, + when 8 => + BAD_SERVICE_CODE, + when 9 => + TOO_BUSY, + when 10 => + BAD_INIT_COOKIE, + when 11 => + AGGRESSION_PENALTY, + when others => + RFLX.DCCP.Reset_Code_Type'Last)) + with + Pre => + Valid_Reset_Code_Type (Val); + + pragma Warnings (On, "unreachable branch"); + + type Data_Type is range 0 .. 2**8 - 1 with + Size => + 8; + + function Valid_Data_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 255); + + function To_Base_Integer (Val : RFLX.DCCP.Data_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Data_Type is + (RFLX.DCCP.Data_Type (Val)) + with + Pre => + Valid_Data_Type (Val); + + type Opt_Type is (PADDING, MANDATORY, SLOW_RECEIVER, CHANGE_L, CONFIRM_L, CHANGE_R, CONFIRM_R, INIT_COOKIE, NDP_COUNT, ACK_VECTOR_0, ACK_VECTOR_1, DATA_DROPPED, TIMESTAMP, TIMESTAMP_ECHO, ELAPSED_TIME, DATA_CHECKSUM, CCID3_LOSS_EVT_RATE, CCID3_RCV_RATE) with + Size => + 8; + for Opt_Type use (PADDING => 0, MANDATORY => 1, SLOW_RECEIVER => 2, CHANGE_L => 32, CONFIRM_L => 33, CHANGE_R => 34, CONFIRM_R => 35, INIT_COOKIE => 36, NDP_COUNT => 37, ACK_VECTOR_0 => 38, ACK_VECTOR_1 => 39, DATA_DROPPED => 40, TIMESTAMP => 41, TIMESTAMP_ECHO => 42, ELAPSED_TIME => 43, DATA_CHECKSUM => 44, CCID3_LOSS_EVT_RATE => 192, CCID3_RCV_RATE => 194); + + function Valid_Opt_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val in 0 | 1 | 2 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 192 | 194); + + function To_Base_Integer (Enum : RFLX.DCCP.Opt_Type) return RFLX.RFLX_Types.Base_Integer is + ((case Enum is + when PADDING => + 0, + when MANDATORY => + 1, + when SLOW_RECEIVER => + 2, + when CHANGE_L => + 32, + when CONFIRM_L => + 33, + when CHANGE_R => + 34, + when CONFIRM_R => + 35, + when INIT_COOKIE => + 36, + when NDP_COUNT => + 37, + when ACK_VECTOR_0 => + 38, + when ACK_VECTOR_1 => + 39, + when DATA_DROPPED => + 40, + when TIMESTAMP => + 41, + when TIMESTAMP_ECHO => + 42, + when ELAPSED_TIME => + 43, + when DATA_CHECKSUM => + 44, + when CCID3_LOSS_EVT_RATE => + 192, + when CCID3_RCV_RATE => + 194)); + + pragma Warnings (Off, "unreachable branch"); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Opt_Type is + ((case Val is + when 0 => + PADDING, + when 1 => + MANDATORY, + when 2 => + SLOW_RECEIVER, + when 32 => + CHANGE_L, + when 33 => + CONFIRM_L, + when 34 => + CHANGE_R, + when 35 => + CONFIRM_R, + when 36 => + INIT_COOKIE, + when 37 => + NDP_COUNT, + when 38 => + ACK_VECTOR_0, + when 39 => + ACK_VECTOR_1, + when 40 => + DATA_DROPPED, + when 41 => + TIMESTAMP, + when 42 => + TIMESTAMP_ECHO, + when 43 => + ELAPSED_TIME, + when 44 => + DATA_CHECKSUM, + when 192 => + CCID3_LOSS_EVT_RATE, + when 194 => + CCID3_RCV_RATE, + when others => + RFLX.DCCP.Opt_Type'Last)) + with + Pre => + Valid_Opt_Type (Val); + + pragma Warnings (On, "unreachable branch"); + + type Option_Length_Type is range 0 .. 2**8 - 1 with + Size => + 8; + + function Valid_Option_Length_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 255); + + function To_Base_Integer (Val : RFLX.DCCP.Option_Length_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Option_Length_Type is + (RFLX.DCCP.Option_Length_Type (Val)) + with + Pre => + Valid_Option_Length_Type (Val); + + type Option_Feature_Type is (FEATURE_RESERVED, CCID, ALLOW_SHORT_SEQNOS, SEQUENCE_WINDOW, ECN_INCAPABLE, ACK_RATIO, SEND_ACK_VECTOR, SEND_NDP_COUNT, MINIMUM_CHECKSUM_COVERAGE, CHECK_DATA_CHECKSUM) with + Size => + 8; + for Option_Feature_Type use (FEATURE_RESERVED => 0, CCID => 1, ALLOW_SHORT_SEQNOS => 2, SEQUENCE_WINDOW => 3, ECN_INCAPABLE => 4, ACK_RATIO => 5, SEND_ACK_VECTOR => 6, SEND_NDP_COUNT => 7, MINIMUM_CHECKSUM_COVERAGE => 8, CHECK_DATA_CHECKSUM => 9); + + function Valid_Option_Feature_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val in 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9); + + function To_Base_Integer (Enum : RFLX.DCCP.Option_Feature_Type) return RFLX.RFLX_Types.Base_Integer is + ((case Enum is + when FEATURE_RESERVED => + 0, + when CCID => + 1, + when ALLOW_SHORT_SEQNOS => + 2, + when SEQUENCE_WINDOW => + 3, + when ECN_INCAPABLE => + 4, + when ACK_RATIO => + 5, + when SEND_ACK_VECTOR => + 6, + when SEND_NDP_COUNT => + 7, + when MINIMUM_CHECKSUM_COVERAGE => + 8, + when CHECK_DATA_CHECKSUM => + 9)); + + pragma Warnings (Off, "unreachable branch"); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Option_Feature_Type is + ((case Val is + when 0 => + FEATURE_RESERVED, + when 1 => + CCID, + when 2 => + ALLOW_SHORT_SEQNOS, + when 3 => + SEQUENCE_WINDOW, + when 4 => + ECN_INCAPABLE, + when 5 => + ACK_RATIO, + when 6 => + SEND_ACK_VECTOR, + when 7 => + SEND_NDP_COUNT, + when 8 => + MINIMUM_CHECKSUM_COVERAGE, + when 9 => + CHECK_DATA_CHECKSUM, + when others => + RFLX.DCCP.Option_Feature_Type'Last)) + with + Pre => + Valid_Option_Feature_Type (Val); + + pragma Warnings (On, "unreachable branch"); + + type Receive_Rate_Type is range 0 .. 2**32 - 1 with + Size => + 32; + + function Valid_Receive_Rate_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 4294967295); + + function To_Base_Integer (Val : RFLX.DCCP.Receive_Rate_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Receive_Rate_Type is + (RFLX.DCCP.Receive_Rate_Type (Val)) + with + Pre => + Valid_Receive_Rate_Type (Val); + + type Loss_Rate_Type is range 0 .. 2**32 - 1 with + Size => + 32; + + function Valid_Loss_Rate_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 4294967295); + + function To_Base_Integer (Val : RFLX.DCCP.Loss_Rate_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Loss_Rate_Type is + (RFLX.DCCP.Loss_Rate_Type (Val)) + with + Pre => + Valid_Loss_Rate_Type (Val); + + type Timestamp_Option_Type is range 0 .. 2**32 - 1 with + Size => + 32; + + function Valid_Timestamp_Option_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 4294967295); + + function To_Base_Integer (Val : RFLX.DCCP.Timestamp_Option_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Timestamp_Option_Type is + (RFLX.DCCP.Timestamp_Option_Type (Val)) + with + Pre => + Valid_Timestamp_Option_Type (Val); + + type Timestamp_Echo_Option_Type is range 0 .. 2**32 - 1 with + Size => + 32; + + function Valid_Timestamp_Echo_Option_Type (Val : RFLX.RFLX_Types.Base_Integer) return Boolean is + (Val <= 4294967295); + + function To_Base_Integer (Val : RFLX.DCCP.Timestamp_Echo_Option_Type) return RFLX.RFLX_Types.Base_Integer is + (RFLX.RFLX_Types.Base_Integer (Val)); + + function To_Actual (Val : RFLX.RFLX_Types.Base_Integer) return RFLX.DCCP.Timestamp_Echo_Option_Type is + (RFLX.DCCP.Timestamp_Echo_Option_Type (Val)) + with + Pre => + Valid_Timestamp_Echo_Option_Type (Val); + +end RFLX.DCCP; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.adb new file mode 100644 index 000000000..8aff82dc5 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.adb @@ -0,0 +1,77 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +package body RFLX.RFLX_Arithmetic with + SPARK_Mode +is + + function Shift_Left (Value : U64; Amount : Natural) return U64 with + Import, + Convention => Intrinsic, + Global => null; + + function Shift_Right (Value : U64; Amount : Natural) return U64 with + Import, + Convention => Intrinsic, + Global => null; + + function Shift_Add (V : U64; + Data : U64; + Amount : Natural; + Bits : Natural) return U64 + is + pragma Unreferenced (Bits); + begin + return Shift_Left (V, Amount) + Data; + end Shift_Add; + + function Right_Shift (V : U64; Amount : Natural; Size : Natural) return U64 + is + pragma Unreferenced (Size); + begin + return Shift_Right (V, Amount); + end Right_Shift; + + function Left_Shift (V : U64; Amount : Natural; Size : Natural) return U64 + is + pragma Unreferenced (Size); + Result : constant U64 := Shift_Left (V, Amount); + begin + return Result; + end Left_Shift; + + function Mask_Lower (V : U64; Mask, Bits : Natural) return U64 + is + Result : constant U64 := Shift_Left (Shift_Right (V, Mask), Mask); + begin + pragma Assert + (if Bits < U64'Size then Result <= 2 ** Bits - 2 ** Mask + elsif Mask < U64'Size then Result <= U64'Last - 2 ** Mask + 1); + return Result; + end Mask_Lower; + + function Mask_Upper (V : U64; Mask : Natural) return U64 + is + begin + return V and (2 ** Mask - 1); + end Mask_Upper; + + function Add (A : U64; B : U64; Total_Bits, Lower_Bits : Natural) return U64 + is + pragma Unreferenced (Total_Bits, Lower_Bits); + begin + return A + B; + end Add; + + procedure Lemma_Size (Val : Base_Integer; Size : Positive) is + begin + if Size < Base_Integer'Size then + pragma Assert (Val < 2 ** Size); + pragma Assert (U64 (Val) < 2 ** Size); + pragma Assert (Fits_Into (U64 (Val), Size)); + else + pragma Assert (Size = 63); + pragma Assert (Fits_Into (U64 (Val), Size)); + end if; + end Lemma_Size; + +end RFLX.RFLX_Arithmetic; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.ads new file mode 100644 index 000000000..2bdf8ceb1 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_arithmetic.ads @@ -0,0 +1,98 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +package RFLX.RFLX_Arithmetic with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + type U64 is mod 2**64 with + Annotate => (GNATprove, No_Wrap_Around); + + type Base_Integer is range 0 .. 2 ** 63 - 1; + + -- Express that V contains at most Bits non-zero bits, in the least + -- significant part (the rest is zero). + pragma Warnings (Off, "postcondition does not mention function result"); + function Fits_Into (V : U64; Bits : Natural) return Boolean + is (if Bits < U64'Size then V < 2 ** Bits) + with Post => True; + + function Fits_Into (V : Base_Integer; Bits : Natural) return Boolean + is (if Bits < Base_Integer'Size then V < 2 ** Bits) + with Post => True; + + -- Express that V contains (U64'Size - Bits) leading zero bits, then (Bits - + -- Lower) bits of data, then Lower bits of zeros. + -- |- (U64'Size - bits) -|- (Bits-Lower) -|- Lower -| + -- |000000000000000000000|xxxxxxxxxxxxxxxx|000000000| + function Fits_Into_Upper (V : U64; Bits, Lower : Natural) return Boolean + is (if Bits < U64'Size then V <= 2 ** Bits - 2 ** Lower + elsif Lower > 0 and then Lower < U64'Size then V <= U64'Last - 2 ** Lower + 1) + with Pre => Bits <= U64'Size and then Lower <= Bits, + Post => True; + pragma Warnings (On, "postcondition does not mention function result"); + + -- V is assumed to contain Bits bits of data. Add the Amount bits contained + -- in Data by shifting V to the left and adding Data. The result contains + -- (Bits + Amount) bits of data. + function Shift_Add (V : U64; + Data : U64; + Amount : Natural; + Bits : Natural) return U64 + with Pre => + Bits < U64'Size + and then Amount < U64'Size + and then Fits_Into (V, Bits) + and then U64'Size - Amount >= Bits + and then Fits_Into (Data, Amount), + Post => Fits_Into (Shift_Add'Result, Bits + Amount); + + -- Wrapper of Shift_Right that expresses the operation in terms of + -- Fits_Into. + function Right_Shift (V : U64; Amount : Natural; Size : Natural) return U64 with + Pre => + Size <= U64'Size + and then Fits_Into (V, Size) + and then Amount <= Size + and then Size - Amount < U64'Size, + Post => Fits_Into (Right_Shift'Result, Size - Amount); + + -- Wrapper of Shift_Left that expresses the operation in terms of + -- Fits_Into/Fits_Into_Upper. + function Left_Shift (V : U64; Amount : Natural; Size : Natural) return U64 with + Pre => + Size < U64'Size + and then Amount < U64'Size + and then Fits_Into (V, Size) + and then Size + Amount < U64'Size, + Post => Fits_Into_Upper (Left_Shift'Result, Size + Amount, Amount); + + -- V is assumed to have Bits bits of data. Set the lower bits of V to zero. + function Mask_Lower (V : U64; Mask, Bits : Natural) return U64 + with Pre => Bits <= U64'Size and then Fits_Into (V, Bits) and then Mask <= Bits and then Mask >= 1, + Post => Fits_Into_Upper (Mask_Lower'Result, Bits, Mask); + + -- Set the upper bits of V to zero. + function Mask_Upper (V : U64; Mask : Natural) return U64 + with Pre => Mask < U64'Size, + Post => Fits_Into (Mask_Upper'Result, Mask); + + -- Add A and B in the special case where A only uses the upper bits and B + -- only the lower bits. + function Add (A : U64; B : U64; Total_Bits, Lower_Bits : Natural) return U64 + with Pre => + Total_Bits <= U64'Size + and then Lower_Bits <= Total_Bits + and then (if Total_Bits = U64'Size then Lower_Bits /= U64'Size) + and then Fits_Into_Upper (A, Total_Bits, Lower_Bits) + and then Fits_Into (B, Lower_Bits), + Post => Add'Result = A + B and Fits_Into (Add'Result, Total_Bits), + Global => null; + + procedure Lemma_Size (Val : Base_Integer; Size : Positive) + with Ghost, + Pre => Size in 1 .. 63 and then Fits_Into (Val, Size), + Post => Fits_Into (U64 (Val), Size); + +end RFLX.RFLX_Arithmetic; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types-conversions.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types-conversions.ads new file mode 100644 index 000000000..8b2bc5688 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types-conversions.ads @@ -0,0 +1,65 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +with RFLX.RFLX_Arithmetic; + +package RFLX.RFLX_Builtin_Types.Conversions with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + pragma Annotate (GNATprove, Always_Return, Conversions); + + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.U64) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_U64 (Enum : Boolean) return RFLX.RFLX_Arithmetic.U64 is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.U64) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + + function Valid_Boolean (Val : RFLX.RFLX_Arithmetic.Base_Integer) return Boolean is + (case Val is + when 0 | 1 => + True, + when others => + False); + + function To_Base_Integer (Enum : Boolean) return RFLX.RFLX_Arithmetic.Base_Integer is + (case Enum is + when False => + 0, + when True => + 1); + + function To_Actual (Val : RFLX.RFLX_Arithmetic.Base_Integer) return Boolean is + (case Val is + when 0 => + False, + when 1 => + True, + when others => + False) + with + Pre => + Valid_Boolean (Val); + +end RFLX.RFLX_Builtin_Types.Conversions; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types.ads new file mode 100644 index 000000000..7a7dfd208 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_builtin_types.ads @@ -0,0 +1,23 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +package RFLX.RFLX_Builtin_Types with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + type Length is new Natural; + + type Index is new Length range 1 .. Length'Last; + + type Byte is mod 2**8; + + type Bytes is array (Index range <>) of Byte; + + type Bytes_Ptr is access Bytes; + + type Bit_Length is range 0 .. Length'Last * 8; + + type Boolean_Base is mod 2; + +end RFLX.RFLX_Builtin_Types; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.adb new file mode 100644 index 000000000..b4e4b6e40 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.adb @@ -0,0 +1,402 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +with RFLX.RFLX_Arithmetic; + +package body RFLX.RFLX_Generic_Types.Generic_Operations with + SPARK_Mode +is + + -- + -- Terminology + -- + -- -----XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX---- Data + -- + -- |-------|-------|-------|-------|-------| Value Bytes + -- 3 LMB 11 19 27 35 RMB 43 + -- + -- |----| |----| + -- LME_Offset RME_Offset + -- + -- |--| |--| + -- LME_Size RME_Size + -- + -- |-------|-------|-------|-------|-------|-------| Data Bytes + -- 0 8 16 24 32 40 + -- LME RME + -- + -- LME: Leftmost Element of Data + -- RME: Rightmost Element of Data + -- + -- LSB: Leftmost Byte of Value + -- RMB: Rightmost Byte of Value + -- + -- LME_Offset: Bits the LME is shifted right relative to first of LME + -- RME_Offset: Bits the RME is shifted left relative to last of RME + -- + -- LME_Size: Number of bits of LME contained in LMB + -- RME_Size: Number of bits of RME contained in RMB + -- + -- LME_Index: Index pointing to LME + -- RME_Index: Index pointing to RME + -- + + use RFLX.RFLX_Arithmetic; + + procedure Get_Index_Offset + (First, Last : Long_Integer; + Off : Offset; + Value_Size : Positive; + RME_Index : out Index; + LME_Index : out Index; + RME_Size : out Natural; + LME_Size : out Natural) + with + Pre => + (Value_Size in 1 .. U64'Size + and then Last >= Long_Integer (Index'First) and then Last <= Long_Integer (Index'Last) + and then First >= Long_Integer (Index'First) and then First <= Long_Integer (Index'Last) + and then Long_Integer ((Natural (Off) + Value_Size - 1) / Byte'Size) < Long_Integer (Last - First + 1)), + Post => + (RME_Index = Index (Last - Long_Integer (Off) / Byte'Size) + and then LME_Index = Index (Last - (Long_Integer (Off) + Long_Integer (Value_Size) - 1) / Byte'Size) + and then RME_Size = Byte'Size - Natural (Off) + and then LME_Size = (Natural (Off) + Value_Size + Byte'Size - 1) mod Byte'Size + 1) + is + begin + RME_Index := Index (Last - Long_Integer (Off) / Byte'Size); + LME_Index := Index (Last - (Long_Integer (Off) + Long_Integer (Value_Size) - 1) / Byte'Size); + RME_Size := Byte'Size - Natural (Off); + LME_Size := (Natural (Off) + Value_Size + Byte'Size - 1) mod Byte'Size + 1; + end Get_Index_Offset; + + function U64_Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Value_Size : Positive) return U64 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Value_Size in 1 .. U64'Size + and then Long_Integer ((Natural (Off) + Value_Size - 1) / Byte'Size) < Buffer.all (First .. Last)'Length), + Post => + (if Value_Size < U64'Size then U64_Extract'Result < 2**Value_Size) + is + Data : constant Bytes := Buffer.all (First .. Last); + + RME_Index : Index; + LME_Index : Index; + + RME_Offset : constant Natural := Natural (Off); + RME_Size : Natural; + + LME_Size : Natural; + LME_Offset : Natural; + Result : U64 := 0; + + begin + -- This function simply iterates over all data bytes that contain + -- relevant data, from most significant to least significant, and adds + -- them up in Result, shifting the Result before the addition as needed + -- (see helper function Shift_Add). + + -- We track the number of bits that are contained in Result to bound the + -- current value of Result by 2 ** (number of bits). At the end of the + -- function, the number of bits should be Value_Size. + + -- We start with the most significant byte. In network-byte order this + -- is the rightmost byte. We need to take into account the case where + -- this is the only byte. + + Get_Index_Offset (Long_Integer (Data'First), Long_Integer (Data'Last), Off, Value_Size, RME_Index, LME_Index, RME_Size, LME_Size); + LME_Offset := Byte'Size - LME_Size; + + declare + Tmp : U64 := Mask_Upper (Byte'Pos (Data (LME_Index)), LME_Size); + begin + if RME_Index = LME_Index then + Tmp := Right_Shift (Tmp, RME_Offset, LME_Size); + end if; + Result := Result + Tmp; + end; + + -- If it was the only byte, we are done. + + if RME_Index = LME_Index then + pragma Assert (Result < 2 ** (LME_Size - RME_Offset)); + return Result; + end if; + + pragma Assert (Fits_Into (Result, LME_Size)); + + -- We now iterate over the "inner bytes" excluding the two extreme bytes. + for I in LME_Index + 1 .. RME_Index - 1 loop + Result := + Shift_Add + (Result, + Byte'Pos (Data (I)), + Byte'Size, + Natural (I - LME_Index) * Byte'Size - LME_Offset); + pragma Loop_Invariant + (Fits_Into (Result, Natural (I - LME_Index + 1) * Byte'Size - LME_Offset)); + end loop; + + -- We now add the relevant bits from the last byte. + pragma Assert (RME_Size in 1 .. U64'Size); + pragma Assert (if LME_Index + 1 <= RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - LME_Offset)); + pragma Assert (if LME_Index + 1 > RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - LME_Offset)); + pragma Assert (Value_Size - RME_Size = Natural (RME_Index - LME_Index) * Byte'Size - LME_Offset); + pragma Assert (Fits_Into (Result, Value_Size - RME_Size)); + declare + Bits_To_Read : constant U64 := + Right_Shift (Byte'Pos (Data (RME_Index)), RME_Offset, Byte'Size); + begin + Result := Shift_Add (Result, Bits_To_Read, RME_Size, Value_Size - RME_Size); + end; + return Result; + end U64_Extract; + + function U64_Extract_LE + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Value_Size : Positive) return U64 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Value_Size in 1 .. U64'Size + and then Long_Integer ((Natural (Off) + Value_Size - 1) / Byte'Size) < Buffer.all (First .. Last)'Length), + Post => + (if Value_Size < U64'Size then U64_Extract_LE'Result < 2**Value_Size) + is + Data : constant Bytes := Buffer.all (First .. Last); + + RME_Index : Index; + LME_Index : Index; + + RME_Offset : constant Natural := Natural (Off); + RME_Size : Natural; + + LME_Size : Natural; + Result : U64 := 0; + + begin + -- This function is identical in structure to the U64_Extract function. + -- See the comments there for more details. However, in little endian we + -- traverse the relevant bytes in the opposite order. + + Get_Index_Offset (Long_Integer (Data'First), Long_Integer (Data'Last), Off, Value_Size, RME_Index, LME_Index, RME_Size, LME_Size); + + declare + Tmp : U64 := Byte'Pos (Data (RME_Index)); + begin + if RME_Index = LME_Index then + Tmp := Mask_Upper (Tmp, LME_Size); + end if; + Tmp := + Right_Shift + (Tmp, + RME_Offset, + (if RME_Index = LME_Index then LME_Size else Byte'Size)); + Result := Result + Tmp; + end; + + if RME_Index = LME_Index then + pragma Assert (Fits_Into (Result, Value_Size)); + return Result; + end if; + + pragma Assert (Fits_Into (Result, RME_Size)); + + for I in reverse LME_Index + 1 .. RME_Index - 1 loop + Result := + Shift_Add + (Result, + Byte'Pos (Data (I)), + Byte'Size, + Natural (RME_Index - I) * Byte'Size - RME_Offset); + pragma Loop_Invariant + (Fits_Into (Result, Natural (RME_Index - I + 1) * Byte'Size - RME_Offset)); + end loop; + + pragma Assert (LME_Size < U64'Size); + pragma Assert (if LME_Index + 1 <= RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - RME_Offset)); + pragma Assert (if LME_Index + 1 > RME_Index - 1 then Fits_Into (Result, Natural (RME_Index - LME_Index) * Byte'Size - RME_Offset)); + pragma Assert (Value_Size - LME_Size = Natural (RME_Index - LME_Index) * Byte'Size - RME_Offset); + pragma Assert (Fits_Into (Result, Value_Size - LME_Size)); + Result := + Shift_Add (Result, + Mask_Upper (Byte'Pos (Data (LME_Index)), LME_Size), + LME_Size, + Value_Size - LME_Size); + pragma Assert (Fits_Into (Result, Value_Size)); + return Result; + end U64_Extract_LE; + + procedure U64_Insert + (Val : U64; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Value_Size : Positive; + BO : Byte_Order) + with + Pre => + Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Value_Size <= U64'Size + and then (if Value_Size < U64'Size then Val < 2**Value_Size) + and then Long_Integer (Natural (Off) + Value_Size - 1) / Byte'Size < Buffer.all (First .. Last)'Length, + Post => + Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last + is + RME_Index : Index; + LME_Index : Index; + + RME_Offset : constant Natural := Natural (Off); + RME_Size : Natural; + + LME_Size : Natural; + + RV : U64; + begin + Get_Index_Offset (Long_Integer (First), Long_Integer (Last), Off, Value_Size, RME_Index, LME_Index, RME_Size, LME_Size); + + if RME_Index = LME_Index then + declare + D : constant U64 := Byte'Pos (Buffer.all (RME_Index)); + pragma Assert (Fits_Into (D, Byte'Size)); + L_Bits : constant U64 := Mask_Lower (D, RME_Offset + Value_Size, Byte'Size); + R_Bits : constant U64 := Mask_Upper (D, RME_Offset); + Bits_To_Add : constant U64 := Left_Shift (Val, RME_Offset, Value_Size); + Result : constant U64 := + Add (L_Bits, Add (Bits_To_Add, R_Bits, RME_Offset + Value_Size, RME_Offset), Byte'Size, RME_Offset + Value_Size); + begin + Buffer.all (RME_Index) := Byte'Val (Result); + end; + + else + case BO is + when Low_Order_First => + declare + L_Bits : constant U64 := Mask_Lower (Byte'Pos (Buffer.all (LME_Index)), LME_Size, Byte'Size); + V_Bits : constant U64 := Mask_Upper (Val, LME_Size); + begin + Buffer.all (LME_Index) := Byte'Val (Add (L_Bits, V_Bits, Byte'Size, LME_Size)); + end; + RV := Right_Shift (Val, LME_Size, Value_Size); + pragma Assert (Fits_Into (RV, Value_Size - LME_Size)); + + for I in LME_Index + 1 .. RME_Index - 1 + loop + Buffer.all (I) := Byte'Val (RV mod 2**Byte'Size); + RV := Right_Shift (RV, Byte'Size, Value_Size - LME_Size - Natural (I - LME_Index - 1) * Byte'Size); + pragma Loop_Invariant (Fits_Into (RV, Value_Size - LME_Size - Natural (I - LME_Index) * Byte'Size)); + end loop; + + pragma Assert (RME_Size = Value_Size - LME_Size - Natural (RME_Index - LME_Index - 1) * Byte'Size); + pragma Assert (Fits_Into (RV, RME_Size)); + declare + U_Value : constant U64 := Mask_Upper (Byte'Pos (Buffer.all (RME_Index)), RME_Offset); + R_Value : constant U64 := Left_Shift (RV, RME_Offset, RME_Size); + begin + Buffer.all (RME_Index) := Byte'Val (Add (R_Value, U_Value, Byte'Size, RME_Offset)); + end; + when High_Order_First => + pragma Assert (LME_Size = Value_Size - RME_Size - Natural (RME_Index - LME_Index - 1) * Byte'Size); + declare + L_Bits : constant U64 := Mask_Upper (Byte'Pos (Buffer.all (RME_Index)), RME_Offset); + V_Bits : constant U64 := Mask_Upper (Val, RME_Size); + V_Value : constant U64 := Left_Shift (V_Bits, RME_Offset, RME_Size); + begin + Buffer.all (RME_Index) := Byte'Val (L_Bits + V_Value); + RV := Right_Shift (Val, RME_Size, Value_Size); + end; + + pragma Assert (RME_Size < Value_Size); + pragma Assert (Fits_Into (RV, Value_Size - RME_Size)); + + for I in reverse LME_Index + 1 .. RME_Index - 1 + loop + Buffer.all (I) := Byte'Val (RV mod 2**Byte'Size); + RV := Right_Shift (RV, Byte'Size, Value_Size - RME_Size - Natural (RME_Index - I - 1) * Byte'Size); + pragma Loop_Invariant (Fits_Into (RV, Value_Size - RME_Size - Natural (RME_Index - I) * Byte'Size)); + end loop; + + pragma Assert (LME_Size = Value_Size - RME_Size - Natural (RME_Index - LME_Index - 1) * Byte'Size); + pragma Assert (Fits_Into (RV, LME_Size)); + declare + U_Value : constant U64 := Mask_Lower (Byte'Pos (Buffer.all (LME_Index)), LME_Size, Byte'Size); + Sum : U64; + begin + Sum := Add (U_Value, RV, Byte'Size, LME_Size); + Buffer.all (LME_Index) := Byte'Val (Sum); + end; + end case; + end if; + end U64_Insert; + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return U64 + is + begin + if BO = High_Order_First then + return U64_Extract (Buffer, First, Last, Off, Size); + else + return U64_Extract_LE (Buffer, First, Last, Off, Size); + end if; + end Extract; + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return Base_Integer + is + begin + return Base_Integer (U64'(Extract (Buffer, First, Last, Off, Size, BO))); + end Extract; + + procedure Insert + (Val : U64; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + U64_Insert (Val, Buffer, First, Last, Off, Size, BO); + end Insert; + + procedure Insert + (Val : Base_Integer; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + is + begin + Lemma_Size (Val, Size); + Insert (U64 (Val), Buffer, First, Last, Off, Size, BO); + end Insert; + +end RFLX.RFLX_Generic_Types.Generic_Operations; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.ads new file mode 100644 index 000000000..ec7b3fc8f --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operations.ads @@ -0,0 +1,100 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +with RFLX.RFLX_Generic_Types.Generic_Operators; + +generic + with package Operators is new RFLX.RFLX_Generic_Types.Generic_Operators (<>); +package RFLX.RFLX_Generic_Types.Generic_Operations with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + use Operators; + + use type U64; + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return U64 + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. U64'Size + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (if Size < U64'Size then Extract'Result < 2**Size); + + function Extract + (Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) return Base_Integer + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1) + and then (Offset'Pos (Off) + Size - 1) / Byte'Size <= Natural'Size + and then (Byte'Size - Natural (Offset'Pos (Off) mod Byte'Size)) < Long_Integer'Size - 1), + Post => + (U64 (Extract'Result) < 2**Size); + + procedure Insert + (Val : U64; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. U64'Size + and then Fits_Into (Val, Size) + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + + procedure Insert + (Val : Base_Integer; + Buffer : Bytes_Ptr; + First : Index; + Last : Index; + Off : Offset; + Size : Positive; + BO : Byte_Order) + with + Pre => + (Buffer /= null + and then First >= Buffer'First + and then Last <= Buffer'Last + and then Size in 1 .. 63 + and then Fits_Into (Val, Size) + and then First <= Last + and then Last - First <= Index'Last - 1 + and then Length ((Offset'Pos (Off) + Size - 1) / Byte'Size) < Length (Last - First + 1)), + Post => + (Buffer'First = Buffer.all'Old'First and Buffer'Last = Buffer.all'Old'Last); + +end RFLX.RFLX_Generic_Types.Generic_Operations; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operators.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operators.ads new file mode 100644 index 000000000..4898e4048 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types-generic_operators.ads @@ -0,0 +1,29 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +generic +package RFLX.RFLX_Generic_Types.Generic_Operators with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + function "+" (Left : Index; Right : Length) return Index is + (Index (Length (Left) + Right)) + with + Pre => + Length (Left) <= Length'Last - Right; + + function "-" (Left : Index; Right : Index) return Length is + (Length (Left) - Length (Right)) + with + Pre => + Length (Left) >= Length'First + Length (Right); + + function "-" (Left : Index; Right : Length) return Index is + (Index (Length (Left) - Right)) + with + Pre => + Right < Length'Last + and then Length (Left) >= Length (Index'First) + Right; + +end RFLX.RFLX_Generic_Types.Generic_Operators; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types.ads new file mode 100644 index 000000000..088b766af --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_generic_types.ads @@ -0,0 +1,97 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +with Ada.Unchecked_Deallocation; +with RFLX.RFLX_Arithmetic; + +generic + type Custom_Index is range <>; + type Custom_Byte is (<>); + type Custom_Bytes is array (Custom_Index range <>) of Custom_Byte; + type Custom_Bytes_Ptr is access Custom_Bytes; + type Custom_Length is range <>; + type Custom_Bit_Length is range <>; +package RFLX.RFLX_Generic_Types with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + subtype Index is Custom_Index; + + subtype Byte is Custom_Byte; + + subtype Bytes is Custom_Bytes; + + subtype Bytes_Ptr is Custom_Bytes_Ptr; + + subtype Length is Custom_Length; + + subtype Bit_Length is Custom_Bit_Length; + + function "+" (Left : Index; Right : Index) return Index is abstract; + + function "-" (Left : Index; Right : Index) return Index is abstract; + + pragma Compile_Time_Error (Index'First /= 1, "Index'First must be 1"); + + pragma Compile_Time_Error (Byte'Size /= 8, "Byte must be of size 8"); + + pragma Compile_Time_Error (Byte'Pos (Byte'Last) - Byte'Pos (Byte'First) + 1 /= 2**Byte'Size, + "Byte must cover entire value range"); + + pragma Compile_Time_Error (Length'First /= 0, "Length'First must be 0"); + + pragma Compile_Time_Error (Length'Pos (Length'Last) /= Index'Pos (Index'Last), + "Length'Last must be equal to Index'Last"); + + pragma Compile_Time_Error (Bit_Length'First /= 0, "Bit_Length'First must be 0"); + + pragma Compile_Time_Error (Bit_Length'Pos (Bit_Length'Last) /= Length'Pos (Length'Last) * 8, + "Bit_Length'Last must be equal to Length'Last * 8"); + + subtype U64 is RFLX.RFLX_Arithmetic.U64; + + subtype Base_Integer is RFLX.RFLX_Arithmetic.Base_Integer; + + subtype Bit_Index is Bit_Length range 1 .. Bit_Length'Last; + + function To_Index (Bit_Idx : Bit_Length) return Index is + (Index (Length ((Bit_Idx - 1) / 8) + 1)); + + function To_Length (Bit_Len : Bit_Length) return Length is + (Length ((Bit_Len + 7) / 8)); + + function To_Bit_Length (Len : Length) return Bit_Length is + (Bit_Length (Len) * 8); + + function To_First_Bit_Index (Idx : Index) return Bit_Index is + ((Bit_Length (Idx) - 1) * 8 + 1); + + function To_Last_Bit_Index (Idx : Index) return Bit_Index is + ((Bit_Length (Idx) - 1) * 8 + 8); + + function To_Last_Bit_Index (Idx : Length) return Bit_Length is + ((Bit_Length (Idx) - 1) * 8 + 8); + + function Fits_Into (V : U64; Bits : Natural) return Boolean renames RFLX_Arithmetic.Fits_Into; + function Fits_Into (V : Base_Integer; Bits : Natural) return Boolean renames RFLX_Arithmetic.Fits_Into; + + type Offset is mod 8; + + type Byte_Order is (High_Order_First, Low_Order_First); + + pragma Warnings (Off, "precondition is always False"); + + function Unreachable return Boolean is (False) with Pre => False; + + function Unreachable return Bit_Length is (0) with Pre => False; + + function Unreachable return Length is (0) with Pre => False; + + pragma Warnings (On, "precondition is always False"); + + procedure Lemma_Size (Val : Base_Integer; Size : Positive) renames RFLX.RFLX_Arithmetic.Lemma_Size; + + procedure Free is new Ada.Unchecked_Deallocation (Object => Bytes, Name => Bytes_Ptr); + +end RFLX.RFLX_Generic_Types; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.adb new file mode 100644 index 000000000..4007c4810 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.adb @@ -0,0 +1,83 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); + +package body RFLX.RFLX_Message_Sequence with + SPARK_Mode +is + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) is + begin + Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last)); + end Initialize; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) + is + Buffer_First : constant RFLX_Types.Index := Buffer'First; + Buffer_Last : constant RFLX_Types.Index := Buffer'Last; + begin + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid); + Buffer := null; + end Initialize; + + procedure Reset (Ctx : in out Context) is + begin + Ctx.Sequence_Last := Ctx.First - 1; + Ctx.State := S_Valid; + end Reset; + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is + begin + Buffer := Ctx.Buffer; + Ctx.Buffer := null; + end Take_Buffer; + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is + begin + if Buffer'Length > 0 then + Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); + else + Buffer := Ctx.Buffer.all (RFLX_Types.Index'Last .. RFLX_Types.Index'First); + end if; + end Copy; + + procedure Append_Element (Ctx : in out Context; Element_Ctx : Element_Context) is + begin + Element_Copy (Element_Ctx, Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.Sequence_Last + 1) .. RFLX_Types.To_Index (Ctx.Sequence_Last + Element_Size (Element_Ctx)))); + Ctx.Sequence_Last := Ctx.Sequence_Last + Element_Size (Element_Ctx); + end Append_Element; + + procedure Switch (Ctx : in out Context; Element_Ctx : out Element_Context) is + Buffer : RFLX_Types.Bytes_Ptr := Ctx.Buffer; + begin + Ctx.Buffer := null; + pragma Warnings (Off, "unused assignment to ""Buffer"""); + Element_Initialize (Element_Ctx, Buffer, Ctx.Sequence_Last + 1, Ctx.Last, Ctx.Last); + pragma Warnings (On, "unused assignment to ""Buffer"""); + end Switch; + + procedure Update (Ctx : in out Context; Element_Ctx : in out Element_Context) is + Buffer : RFLX_Types.Bytes_Ptr; + Valid_Message : constant Boolean := Element_Valid_Message (Element_Ctx); + Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First; + begin + if Valid_Message then + Last := Element_Last (Element_Ctx); + end if; + Element_Take_Buffer (Element_Ctx, Buffer); + Ctx.Buffer := Buffer; + if Valid_Message then + Ctx.Sequence_Last := Last; + else + Ctx.State := S_Invalid; + end if; + end Update; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is + begin + if Data'Length > 0 then + Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); + else + Data := Ctx.Buffer.all (1 .. 0); + end if; + end Data; + +end RFLX.RFLX_Message_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.ads new file mode 100644 index 000000000..ab8d10362 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_message_sequence.ads @@ -0,0 +1,259 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +with RFLX.RFLX_Types; + +generic + type Element_Context (Buffer_First, Buffer_Last : RFLX_Types.Index; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) is private; + with procedure Element_Initialize (Ctx : out Element_Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length; Written_Last : RFLX_Types.Bit_Length := 0); + with procedure Element_Take_Buffer (Ctx : in out Element_Context; Buffer : out RFLX_Types.Bytes_Ptr); + with procedure Element_Copy (Ctx : Element_Context; Buffer : out RFLX_Types.Bytes); + with function Element_Has_Buffer (Ctx : Element_Context) return Boolean; + with function Element_Size (Ctx : Element_Context) return RFLX_Types.Bit_Length; + with function Element_Last (Ctx : Element_Context) return RFLX_Types.Bit_Index; + with function Element_Initialized (Ctx : Element_Context) return Boolean; + with function Element_Valid_Message (Ctx : Element_Context) return Boolean; +package RFLX.RFLX_Message_Sequence with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + pragma Annotate (GNATprove, Always_Return, RFLX_Message_Sequence); + + pragma Unevaluated_Use_Of_Old (Allow); + + pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); + + use type RFLX_Types.Bytes_Ptr, RFLX_Types.Index, RFLX_Types.Length, RFLX_Types.Bit_Index; + + pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with + Default_Initial_Condition => + RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last <= RFLX_Types.Bit_Length'Last - 1 + and First mod RFLX_Types.Byte'Size = 1 + and Last mod RFLX_Types.Byte'Size = 0; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) with + Pre => + (not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last), + Post => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Buffer = null + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) + and Sequence_Last (Ctx) = Ctx.First - 1), + Depends => + (Ctx => Buffer, Buffer => null); + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with + Pre => + (not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last + and then RFLX_Types.To_Index (First) >= Buffer'First + and then RFLX_Types.To_Index (Last) <= Buffer'Last + and then First <= Last + 1 + and then Last <= RFLX_Types.Bit_Length'Last - 1 + and then First mod RFLX_Types.Byte'Size = 1 + and then Last mod RFLX_Types.Byte'Size = 0), + Post => + (Buffer = null + and Has_Buffer (Ctx) + and Valid (Ctx) + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = First + and Ctx.Last = Last + and Sequence_Last (Ctx) = First - 1), + Depends => + (Ctx => (Buffer, First, Last), Buffer => null); + + procedure Reset (Ctx : in out Context) with + Pre => + Has_Buffer (Ctx), + Post => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Sequence_Last (Ctx) = Ctx.First - 1); + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with + Pre => + Has_Buffer (Ctx), + Post => + (not Has_Buffer (Ctx) + and Buffer /= null + and Buffer'First = Ctx.Buffer_First + and Buffer'Last = Ctx.Buffer_Last + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Valid (Ctx) = Valid (Ctx)'Old + and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old), + Depends => + (Ctx => Ctx, Buffer => Ctx); + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with + Pre => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Byte_Size (Ctx) = Buffer'Length); + + function Has_Element (Ctx : Context) return Boolean; + + procedure Append_Element (Ctx : in out Context; Element_Ctx : Element_Context) with + Pre => + (Has_Buffer (Ctx) + and then Valid (Ctx) + and then Element_Has_Buffer (Element_Ctx) + and then Element_Valid_Message (Element_Ctx) + and then Element_Size (Element_Ctx) > 0 + and then Available_Space (Ctx) >= Element_Size (Element_Ctx)), + Post => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old + Element_Size (Element_Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old); + + procedure Switch (Ctx : in out Context; Element_Ctx : out Element_Context) with + Pre => + (not Element_Ctx'Constrained + and then Has_Buffer (Ctx) + and then Has_Element (Ctx) + and then Valid (Ctx)), + Post => + (not Has_Buffer (Ctx) + and Has_Element (Ctx) + and Valid (Ctx) + and Element_Has_Buffer (Element_Ctx) + and Ctx.Buffer_First = Element_Ctx.Buffer_First + and Ctx.Buffer_Last = Element_Ctx.Buffer_Last + and Ctx.First <= Element_Ctx.First + and Ctx.Last >= Element_Ctx.Last + and Element_Ctx.First = Sequence_Last (Ctx) + 1 + and Element_Ctx.Last = Ctx.Last + and Element_Initialized (Element_Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old), + Depends => + (Ctx => Ctx, Element_Ctx => Ctx); + + procedure Update (Ctx : in out Context; Element_Ctx : in out Element_Context) with + Pre => + (not Has_Buffer (Ctx) + and then Element_Has_Buffer (Element_Ctx) + and then Has_Element (Ctx) + and then Valid (Ctx) + and then Ctx.Buffer_First = Element_Ctx.Buffer_First + and then Ctx.Buffer_Last = Element_Ctx.Buffer_Last + and then Ctx.First <= Element_Ctx.First + and then Ctx.Last >= Element_Ctx.Last), + Post => + (Has_Buffer (Ctx) + and not Element_Has_Buffer (Element_Ctx) + and (if Element_Valid_Message (Element_Ctx)'Old then Valid (Ctx)) + and Sequence_Last (Ctx) = RFLX_Types.Bit_Length'(if Element_Valid_Message (Element_Ctx) then Element_Last (Element_Ctx) else Sequence_Last (Ctx))'Old + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old), + Contract_Cases => + (Element_Valid_Message (Element_Ctx) => + (Sequence_Last (Ctx) = Element_Last (Element_Ctx)'Old), + others => + True), + Depends => + (Ctx => (Ctx, Element_Ctx), Element_Ctx => Element_Ctx); + + function Valid (Ctx : Context) return Boolean; + + function Has_Buffer (Ctx : Context) return Boolean; + + function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length; + + function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length; + + function Size (Ctx : Context) return RFLX_Types.Bit_Length; + + function Byte_Size (Ctx : Context) return RFLX_Types.Length; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + (Has_Buffer (Ctx) + and then Valid (Ctx) + and then Data'Length = Byte_Size (Ctx)); + +private + + pragma Warnings (Off, "use clause for package * has no effect"); + + use RFLX.RFLX_Types; + + pragma Warnings (On, "use clause for package * has no effect"); + + type Context_State is (S_Valid, S_Invalid); + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is + record + Sequence_Last : RFLX_Types.Bit_Length := First - 1; + Buffer : RFLX_Types.Bytes_Ptr := null; + State : Context_State := S_Valid; + end record with + Dynamic_Predicate => + ((if Buffer /= null then + (Buffer'First = Buffer_First + and Buffer'Last = Buffer_Last)) + and RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last <= RFLX_Types.Bit_Length'Last - 1 + and First - 1 <= Sequence_Last + and Sequence_Last <= Last + and First mod RFLX_Types.Byte'Size = 1 + and Last mod RFLX_Types.Byte'Size = 0 + and Sequence_Last mod RFLX_Types.Byte'Size = 0); + + function Has_Element (Ctx : Context) return Boolean is + (Ctx.State = S_Valid and Ctx.Sequence_Last < Ctx.Last); + + function Valid (Ctx : Context) return Boolean is + (Ctx.State = S_Valid); + + function Has_Buffer (Ctx : Context) return Boolean is + (Ctx.Buffer /= null); + + function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Last - Ctx.Sequence_Last); + + function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Sequence_Last); + + function Size (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Sequence_Last - Ctx.First + 1); + + function Byte_Size (Ctx : Context) return RFLX_Types.Length is + (RFLX_Types.To_Length (Size (Ctx))); + +end RFLX.RFLX_Message_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.adb b/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.adb new file mode 100644 index 000000000..5bda20c30 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.adb @@ -0,0 +1,96 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +with RFLX.RFLX_Types.Operations; + +package body RFLX.RFLX_Scalar_Sequence with + SPARK_Mode +is + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) is + begin + Initialize (Ctx, Buffer, RFLX_Types.To_First_Bit_Index (Buffer'First), RFLX_Types.To_Last_Bit_Index (Buffer'Last)); + end Initialize; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) + is + Buffer_First : constant RFLX_Types.Index := Buffer'First; + Buffer_Last : constant RFLX_Types.Index := Buffer'Last; + begin + Ctx := (Buffer_First => Buffer_First, Buffer_Last => Buffer_Last, First => First, Last => Last, Buffer => Buffer, Sequence_Last => First - 1, State => S_Valid, First_Element => RFLX.RFLX_Types.Base_Integer'First, Next_Element => RFLX.RFLX_Types.Base_Integer'First); + Buffer := null; + end Initialize; + + procedure Reset (Ctx : in out Context) is + begin + Ctx.Sequence_Last := Ctx.First - 1; + Ctx.State := S_Valid; + end Reset; + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) is + begin + Buffer := Ctx.Buffer; + Ctx.Buffer := null; + end Take_Buffer; + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) is + begin + if Buffer'Length > 0 then + Buffer := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); + else + Buffer := Ctx.Buffer.all (RFLX_Types.Index'Last .. RFLX_Types.Index'First); + end if; + end Copy; + + procedure Next (Ctx : in out Context) is + Last_Bit : constant RFLX_Types.Bit_Index := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); + Buffer_First : constant RFLX_Types.Index := RFLX_Types.To_Index (Ctx.Sequence_Last + 1); + Buffer_Last : constant RFLX_Types.Index := RFLX_Types.To_Index (Last_Bit); + Offset : constant RFLX_Types.Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); + begin + if Buffer_First >= Ctx.Buffer'First and Buffer_Last <= Ctx.Buffer'Last and Buffer_First <= Buffer_Last then + Ctx.Next_Element := RFLX.RFLX_Types.Operations.Extract (Ctx.Buffer, Buffer_First, Buffer_Last, Offset, Element_Size, RFLX_Types.High_Order_First); + if Valid_Element (Ctx) then + if Size (Ctx) = 0 then + Ctx.First_Element := Ctx.Next_Element; + end if; + else + Ctx.State := S_Invalid; + end if; + end if; + Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); + end Next; + + function Get_Element (Ctx : Context) return Element_Type is + (To_Actual (Ctx.Next_Element)); + + function Head (Ctx : Context) return Element_Type is + (To_Actual (Ctx.First_Element)); + + procedure Append_Element (Ctx : in out Context; Value : Element_Type) is + Last_Bit : RFLX_Types.Bit_Index; + First : RFLX_Types.Index; + Last : RFLX_Types.Index; + Offset : RFLX_Types.Offset; + begin + Last_Bit := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); + First := RFLX_Types.To_Index (Ctx.Sequence_Last + 1); + Last := RFLX_Types.To_Index (Last_Bit); + Offset := RFLX_Types.Offset ((8 - (Last_Bit mod 8)) mod 8); + if First >= Ctx.Buffer'First and Last <= Ctx.Buffer'Last and First <= Last then + RFLX.RFLX_Types.Operations.Insert (To_Base_Int (Value), Ctx.Buffer, First, Last, Offset, Element_Size, RFLX_Types.High_Order_First); + end if; + if Size (Ctx) = 0 then + Ctx.First_Element := To_Base_Int (Value); + end if; + Ctx.Sequence_Last := Ctx.Sequence_Last + RFLX.RFLX_Types.Bit_Index (Element_Size); + end Append_Element; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) is + begin + if Data'Length > 0 then + Data := Ctx.Buffer.all (RFLX_Types.To_Index (Ctx.First) .. RFLX_Types.To_Index (Ctx.Sequence_Last)); + else + Data := Ctx.Buffer.all (1 .. 0); + end if; + end Data; + +end RFLX.RFLX_Scalar_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.ads new file mode 100644 index 000000000..749c6a08c --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_scalar_sequence.ads @@ -0,0 +1,232 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +with RFLX.RFLX_Types; + +generic + type Element_Type is private; + Element_Size : Positive; + with function Valid (Element : RFLX.RFLX_Types.Base_Integer) return Boolean; + with function To_Actual (Element : RFLX.RFLX_Types.Base_Integer) return Element_Type; + with function To_Base_Int (Element : Element_Type) return RFLX.RFLX_Types.Base_Integer; +package RFLX.RFLX_Scalar_Sequence with + SPARK_Mode, + Annotate => + (GNATprove, Always_Return) +is + + pragma Annotate (GNATprove, Always_Return, RFLX_Scalar_Sequence); + + use type RFLX_Types.Bytes_Ptr; + + use type RFLX_Types.Index; + + pragma Warnings (Off, """LENGTH"" is already use-visible through previous use_type_clause"); + + use type RFLX_Types.Length; + + pragma Warnings (On, """LENGTH"" is already use-visible through previous use_type_clause"); + + use type RFLX_Types.Bit_Index; + + use type RFLX_Types.Base_Integer; + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is private with + Default_Initial_Condition => + RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last <= RFLX_Types.Bit_Length'Last - 1 + and First mod RFLX_Types.Byte'Size = 1; + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr) with + Pre => + (not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last), + Post => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Buffer = null + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = RFLX_Types.To_First_Bit_Index (Ctx.Buffer_First) + and Ctx.Last = RFLX_Types.To_Last_Bit_Index (Ctx.Buffer_Last) + and Sequence_Last (Ctx) = Ctx.First - 1), + Depends => + (Ctx => Buffer, Buffer => null); + + procedure Initialize (Ctx : out Context; Buffer : in out RFLX_Types.Bytes_Ptr; First : RFLX_Types.Bit_Index; Last : RFLX_Types.Bit_Length) with + Pre => + (not Ctx'Constrained + and then Buffer /= null + and then Buffer'Length > 0 + and then Buffer'Last < RFLX_Types.Index'Last + and then RFLX_Types.To_Index (First) >= Buffer'First + and then RFLX_Types.To_Index (Last) <= Buffer'Last + and then First <= Last + 1 + and then Last <= RFLX_Types.Bit_Length'Last - 1 + and then First mod RFLX_Types.Byte'Size = 1), + Post => + (Buffer = null + and Has_Buffer (Ctx) + and Valid (Ctx) + and Ctx.Buffer_First = Buffer'First'Old + and Ctx.Buffer_Last = Buffer'Last'Old + and Ctx.First = First + and Ctx.Last = Last + and Sequence_Last (Ctx) = First - 1), + Depends => + (Ctx => (Buffer, First, Last), Buffer => null); + + procedure Reset (Ctx : in out Context) with + Pre => + Has_Buffer (Ctx), + Post => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Sequence_Last (Ctx) = Ctx.First - 1); + + procedure Take_Buffer (Ctx : in out Context; Buffer : out RFLX_Types.Bytes_Ptr) with + Pre => + Has_Buffer (Ctx), + Post => + (not Has_Buffer (Ctx) + and Buffer /= null + and Buffer'First = Ctx.Buffer_First + and Buffer'Last = Ctx.Buffer_Last + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old + and Valid (Ctx) = Valid (Ctx)'Old + and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old), + Depends => + (Ctx => Ctx, Buffer => Ctx); + + procedure Copy (Ctx : Context; Buffer : out RFLX_Types.Bytes) with + Pre => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Byte_Size (Ctx) = Buffer'Length); + + procedure Next (Ctx : in out Context) with + Pre => + (Has_Buffer (Ctx) + and then Has_Element (Ctx)), + Post => + (Has_Buffer (Ctx) + and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old + RFLX.RFLX_Types.Bit_Index (Element_Size) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old); + + function Has_Element (Ctx : Context) return Boolean; + + function Valid_Element (Ctx : Context) return Boolean; + + function Get_Element (Ctx : Context) return Element_Type with + Pre => + Valid_Element (Ctx); + + function Head (Ctx : Context) return Element_Type with + Pre => + (Valid (Ctx) + and then Sequence_Last (Ctx) >= Ctx.First + RFLX.RFLX_Types.Bit_Index (Element_Size) - 1); + + procedure Append_Element (Ctx : in out Context; Value : Element_Type) with + Pre => + (Has_Buffer (Ctx) + and then Valid (Ctx) + and then Valid (To_Base_Int (Value)) + and then (if Element_Size < 64 then To_Base_Int (Value) < 2**Element_Size) + and then Available_Space (Ctx) >= RFLX.RFLX_Types.Bit_Index (Element_Size)), + Post => + (Has_Buffer (Ctx) + and Valid (Ctx) + and Sequence_Last (Ctx) = Sequence_Last (Ctx)'Old + RFLX.RFLX_Types.Bit_Index (Element_Size) + and Ctx.Buffer_First = Ctx.Buffer_First'Old + and Ctx.Buffer_Last = Ctx.Buffer_Last'Old + and Ctx.First = Ctx.First'Old + and Ctx.Last = Ctx.Last'Old); + + function Valid (Ctx : Context) return Boolean; + + function Has_Buffer (Ctx : Context) return Boolean; + + function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length; + + function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length; + + function Size (Ctx : Context) return RFLX_Types.Bit_Length; + + function Byte_Size (Ctx : Context) return RFLX_Types.Length; + + procedure Data (Ctx : Context; Data : out RFLX_Types.Bytes) with + Pre => + (Has_Buffer (Ctx) + and then Valid (Ctx) + and then Data'Length = Byte_Size (Ctx)); + +private + + pragma Warnings (Off, "use clause for package * has no effect"); + + use RFLX.RFLX_Types; + + pragma Warnings (On, "use clause for package * has no effect"); + + type Context_State is (S_Valid, S_Invalid); + + type Context (Buffer_First, Buffer_Last : RFLX_Types.Index := RFLX_Types.Index'First; First : RFLX_Types.Bit_Index := RFLX_Types.Bit_Index'First; Last : RFLX_Types.Bit_Length := RFLX_Types.Bit_Length'First) is + record + Sequence_Last : RFLX_Types.Bit_Length := First - 1; + Buffer : RFLX_Types.Bytes_Ptr := null; + State : Context_State := S_Valid; + First_Element : RFLX.RFLX_Types.Base_Integer := RFLX.RFLX_Types.Base_Integer'First; + Next_Element : RFLX.RFLX_Types.Base_Integer := RFLX.RFLX_Types.Base_Integer'First; + end record with + Dynamic_Predicate => + ((if Buffer /= null then + (Buffer'First = Buffer_First + and Buffer'Last = Buffer_Last)) + and RFLX_Types.To_Index (First) >= Buffer_First + and RFLX_Types.To_Index (Last) <= Buffer_Last + and First mod RFLX_Types.Byte'Size = 1 + and Buffer_Last < RFLX_Types.Index'Last + and First <= Last + 1 + and Last <= RFLX_Types.Bit_Length'Last - 1 + and Sequence_Last >= First - 1 + and Sequence_Last <= Last + and (if Sequence_Last > First - 1 and State = S_Valid then Valid (First_Element))); + + function Has_Element (Ctx : Context) return Boolean is + (Ctx.State = S_Valid and Ctx.Last - Ctx.Sequence_Last >= RFLX.RFLX_Types.Bit_Index (Element_Size)); + + function Valid_Element (Ctx : Context) return Boolean is + (Ctx.State = S_Valid and Valid (Ctx.Next_Element)); + + function Valid (Ctx : Context) return Boolean is + (Ctx.State = S_Valid); + + function Has_Buffer (Ctx : Context) return Boolean is + (Ctx.Buffer /= null); + + function Available_Space (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Last - Ctx.Sequence_Last); + + function Sequence_Last (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Sequence_Last); + + function Size (Ctx : Context) return RFLX_Types.Bit_Length is + (Ctx.Sequence_Last - Ctx.First + 1); + + function Byte_Size (Ctx : Context) return RFLX_Types.Length is + (RFLX_Types.To_Length (Size (Ctx))); + +end RFLX.RFLX_Scalar_Sequence; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_types-operations.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_types-operations.ads new file mode 100644 index 000000000..cb8e8da54 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_types-operations.ads @@ -0,0 +1,6 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma SPARK_Mode; +with RFLX.RFLX_Types.Operators; +with RFLX.RFLX_Generic_Types.Generic_Operations; + +package RFLX.RFLX_Types.Operations is new RFLX.RFLX_Types.Generic_Operations (RFLX.RFLX_Types.Operators); diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_types-operators.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_types-operators.ads new file mode 100644 index 000000000..2d6a55853 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_types-operators.ads @@ -0,0 +1,5 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma SPARK_Mode; +with RFLX.RFLX_Generic_Types.Generic_Operators; + +package RFLX.RFLX_Types.Operators is new RFLX.RFLX_Types.Generic_Operators; diff --git a/examples/apps/dccp/rflx/generated/rflx-rflx_types.ads b/examples/apps/dccp/rflx/generated/rflx-rflx_types.ads new file mode 100644 index 000000000..efc96d324 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx-rflx_types.ads @@ -0,0 +1,6 @@ +pragma Style_Checks ("N3aAbCdefhiIklnOprStux"); +pragma SPARK_Mode; +with RFLX.RFLX_Generic_Types; +with RFLX.RFLX_Builtin_Types; + +package RFLX.RFLX_Types is new RFLX.RFLX_Generic_Types (RFLX_Builtin_Types.Index, RFLX_Builtin_Types.Byte, RFLX_Builtin_Types.Bytes, RFLX_Builtin_Types.Bytes_Ptr, RFLX_Builtin_Types.Length, RFLX_Builtin_Types.Bit_Length); diff --git a/examples/apps/dccp/rflx/generated/rflx.ads b/examples/apps/dccp/rflx/generated/rflx.ads new file mode 100644 index 000000000..06c81f940 --- /dev/null +++ b/examples/apps/dccp/rflx/generated/rflx.ads @@ -0,0 +1,3 @@ +package RFLX is + +end RFLX; \ No newline at end of file diff --git a/examples/apps/dccp/rflx/out/DCCP_Option.svg b/examples/apps/dccp/rflx/out/DCCP_Option.svg new file mode 100644 index 000000000..6f9bc4687 --- /dev/null +++ b/examples/apps/dccp/rflx/out/DCCP_Option.svg @@ -0,0 +1,422 @@ + + + + + + +DCCP::Option + + + +Initial + + + + +intermediate_1 + +(⊤, 8, ⋆) + + + +Initial->intermediate_1 + + + + +Option_Type + +Option_Type + + + +intermediate_13 + +((Option_Type = DCCP::PADDING + or Option_Type = DCCP::MANDATORY) +or Option_Type = DCCP::SLOW_RECEIVER, 0, ⋆) + + + +Option_Type->intermediate_13 + + + + +intermediate_14 + +((Option_Type /= DCCP::PADDING + and Option_Type /= DCCP::MANDATORY) +and Option_Type /= DCCP::SLOW_RECEIVER, 8, ⋆) + + + +Option_Type->intermediate_14 + + + + +Option_Length + +Option_Length + + + +intermediate_6 + +(Option_Length >= 4 +and Option_Type = DCCP::ELAPSED_TIME, +Option_Length * 8 - 16, ⋆) + + + +Option_Length->intermediate_6 + + + + +intermediate_7 + +(Option_Type = DCCP::CCID3_LOSS_EVT_RATE, 32, ⋆) + + + +Option_Length->intermediate_7 + + + + +intermediate_8 + +(Option_Length >= 3 +and Option_Type = DCCP::NDP_COUNT, +Option_Length * 8 - 16, ⋆) + + + +Option_Length->intermediate_8 + + + + +intermediate_9 + +(((Option_Type = DCCP::CHANGE_L +  or Option_Type = DCCP::CHANGE_R) + or Option_Type = DCCP::CONFIRM_L) +or Option_Type = DCCP::CONFIRM_R, 8, ⋆) + + + +Option_Length->intermediate_9 + + + + +intermediate_10 + +(Option_Type = DCCP::CCID3_RCV_RATE, 32, ⋆) + + + +Option_Length->intermediate_10 + + + + +intermediate_11 + +(Option_Type = DCCP::TIMESTAMP_ECHO, 32, ⋆) + + + +Option_Length->intermediate_11 + + + + +intermediate_12 + +(Option_Type = DCCP::TIMESTAMP, 32, ⋆) + + + +Option_Length->intermediate_12 + + + + +Loss_Event_Rate + +Loss_Event_Rate + + + +intermediate_2 + +(⊤, 0, ⋆) + + + +Loss_Event_Rate->intermediate_2 + + + + +NDP_Count_Opt + +NDP_Count_Opt + + + +intermediate_3 + +(⊤, 0, ⋆) + + + +NDP_Count_Opt->intermediate_3 + + + + +Option_Feature + +Option_Feature + + + +intermediate_4 + +((Option_Type = DCCP::CONFIRM_L + or Option_Type = DCCP::CONFIRM_R) +and (Option_Feature < DCCP::FEATURE_RESERVED +     or Option_Feature > 255), 0, ⋆) + + + +Option_Feature->intermediate_4 + + + + +intermediate_5 + +(⊤, 8, ⋆) + + + +Option_Feature->intermediate_5 + + + + +Receive_Rate + +Receive_Rate + + + +intermediate_16 + +(⊤, 0, ⋆) + + + +Receive_Rate->intermediate_16 + + + + +Timestamp_Echo_Opt + +Timestamp_Echo_Opt + + + +intermediate_17 + +(Option_Length >= 8 +and Option_Type = DCCP::TIMESTAMP_ECHO, +Option_Length * 8 - 48, ⋆) + + + +Timestamp_Echo_Opt->intermediate_17 + + + + +Timestamp_Option + +Timestamp_Option + + + +intermediate_18 + +(⊤, 0, ⋆) + + + +Timestamp_Option->intermediate_18 + + + + +Option_Value + +Option_Value + + + +intermediate_15 + +(⊤, 0, ⋆) + + + +Option_Value->intermediate_15 + + + + +Elapsed_Time_Opt + +Elapsed_Time_Opt + + + +intermediate_0 + +(⊤, 0, ⋆) + + + +Elapsed_Time_Opt->intermediate_0 + + + + +Final + + + + +intermediate_0->Final + + + + + +intermediate_1->Option_Type + + + + + +intermediate_2->Final + + + + + +intermediate_3->Final + + + + + +intermediate_4->Final + + + + + +intermediate_5->Option_Value + + + + + +intermediate_6->Elapsed_Time_Opt + + + + + +intermediate_7->Loss_Event_Rate + + + + + +intermediate_8->NDP_Count_Opt + + + + + +intermediate_9->Option_Feature + + + + + +intermediate_10->Receive_Rate + + + + + +intermediate_11->Timestamp_Echo_Opt + + + + + +intermediate_12->Timestamp_Option + + + + + +intermediate_13->Final + + + + + +intermediate_14->Option_Length + + + + + +intermediate_15->Final + + + + + +intermediate_16->Final + + + + + +intermediate_17->Elapsed_Time_Opt + + + + + +intermediate_18->Final + + + + + diff --git a/examples/apps/dccp/rflx/out/DCCP_Packet.svg b/examples/apps/dccp/rflx/out/DCCP_Packet.svg new file mode 100644 index 000000000..dd4821e43 --- /dev/null +++ b/examples/apps/dccp/rflx/out/DCCP_Packet.svg @@ -0,0 +1,811 @@ + + + + + + +DCCP::Packet + + + +Initial + + + + +intermediate_18 + +(⊤, 16, ⋆) + + + +Initial->intermediate_18 + + + + +Source_Port + +Source_Port + + + +intermediate_33 + +(⊤, 16, ⋆) + + + +Source_Port->intermediate_33 + + + + +Destination_Port + +Destination_Port + + + +intermediate_17 + +(⊤, 8, ⋆) + + + +Destination_Port->intermediate_17 + + + + +Data_Offset + +Data_Offset + + + +intermediate_16 + +(⊤, 4, ⋆) + + + +Data_Offset->intermediate_16 + + + + +CCVal + +CCVal + + + +intermediate_8 + +(⊤, 4, ⋆) + + + +CCVal->intermediate_8 + + + + +CsCov + +CsCov + + + +intermediate_10 + +(⊤, 16, ⋆) + + + +CsCov->intermediate_10 + + + + +Checksum + +Checksum + + + +intermediate_9 + +(⊤, 3, ⋆) + + + +Checksum->intermediate_9 + + + + +Res_3 + +Res_3 + + + +intermediate_21 + +(⊤, 4, ⋆) + + + +Res_3->intermediate_21 + + + + +Packet_Type + +Packet_Type + + + +intermediate_20 + +(⊤, 1, ⋆) + + + +Packet_Type->intermediate_20 + + + + +X + +X + + + +intermediate_34 + +(X = DCCP::EXTENDED, 8, ⋆) + + + +X->intermediate_34 + + + + +intermediate_35 + +(X = DCCP::NOT_EXTENDED, 24, ⋆) + + + +X->intermediate_35 + + + + +Res_8 + +Res_8 + + + +intermediate_22 + +(⊤, 48, ⋆) + + + +Res_8->intermediate_22 + + + + +Sequence_Number_Short + +Sequence_Number_Short + + + +intermediate_28 + +(Packet_Type /= DCCP::DCCP_DATA +and Packet_Type /= DCCP::DCCP_REQUEST, 8, ⋆) + + + +Sequence_Number_Short->intermediate_28 + + + + +intermediate_29 + +(Packet_Type = DCCP::DCCP_DATA +and Data_Offset * 32 = Sequence_Number_Short'Last - Message'First + 1, +Message'Last - Sequence_Number_Short'Last, ⋆) + + + +Sequence_Number_Short->intermediate_29 + + + + +intermediate_30 + +(Packet_Type = DCCP::DCCP_DATA +and Data_Offset * 32 > Sequence_Number_Short'Last - Message'First + 1, +Data_Offset * 32 - (Sequence_Number_Short'Last - Message'First + 1), ⋆) + + + +Sequence_Number_Short->intermediate_30 + + + + +Sequence_Number_Long + +Sequence_Number_Long + + + +intermediate_24 + +(Packet_Type /= DCCP::DCCP_DATA +and Packet_Type /= DCCP::DCCP_REQUEST, 16, ⋆) + + + +Sequence_Number_Long->intermediate_24 + + + + +intermediate_25 + +(Packet_Type = DCCP::DCCP_DATA +and Data_Offset * 32 = Sequence_Number_Long'Last - Message'First + 1, +Message'Last - Sequence_Number_Long'Last, ⋆) + + + +Sequence_Number_Long->intermediate_25 + + + + +intermediate_26 + +(Packet_Type = DCCP::DCCP_DATA +and Data_Offset * 32 > Sequence_Number_Long'Last - Message'First + 1, +Data_Offset * 32 - (Sequence_Number_Long'Last - Message'First + 1), ⋆) + + + +Sequence_Number_Long->intermediate_26 + + + + +intermediate_27 + +(Packet_Type = DCCP::DCCP_REQUEST, 32, ⋆) + + + +Sequence_Number_Long->intermediate_27 + + + + +Ack_Reserved_Short + +Ack_Reserved_Short + + + +intermediate_7 + +(⊤, 24, ⋆) + + + +Ack_Reserved_Short->intermediate_7 + + + + +Ack_Reserved_Long + +Ack_Reserved_Long + + + +intermediate_6 + +(⊤, 48, ⋆) + + + +Ack_Reserved_Long->intermediate_6 + + + + +Ack_Number_Short + +Ack_Number_Short + + + +intermediate_4 + +((((Packet_Type = DCCP::DCCP_ACK +   or Packet_Type = DCCP::DCCP_DATA_ACK) +  or Packet_Type = DCCP::DCCP_CLOSE) + or Packet_Type = DCCP::DCCP_CLOSEREQ) +and Data_Offset * 32 = Ack_Number_Short'Last - Message'First + 1, +Message'Last - Ack_Number_Short'Last, ⋆) + + + +Ack_Number_Short->intermediate_4 + + + + +intermediate_5 + +((((Packet_Type = DCCP::DCCP_ACK +   or Packet_Type = DCCP::DCCP_DATA_ACK) +  or Packet_Type = DCCP::DCCP_CLOSE) + or Packet_Type = DCCP::DCCP_CLOSEREQ) +and Data_Offset * 32 > Ack_Number_Short'Last - Message'First + 1, +Data_Offset * 32 - (Ack_Number_Short'Last - Message'First + 1), ⋆) + + + +Ack_Number_Short->intermediate_5 + + + + +Ack_Number_Long + +Ack_Number_Long + + + +intermediate_0 + +((((((Packet_Type = DCCP::DCCP_ACK +     or Packet_Type = DCCP::DCCP_DATA_ACK) +    or Packet_Type = DCCP::DCCP_CLOSE) +   or Packet_Type = DCCP::DCCP_CLOSEREQ) +  or Packet_Type = DCCP::DCCP_SYNC) + or Packet_Type = DCCP::DCCP_SYNCACK) +and Data_Offset * 32 = Ack_Number_Long'Last - Message'First + 1, +Message'Last - Ack_Number_Long'Last, ⋆) + + + +Ack_Number_Long->intermediate_0 + + + + +intermediate_1 + +((((((Packet_Type = DCCP::DCCP_ACK +     or Packet_Type = DCCP::DCCP_DATA_ACK) +    or Packet_Type = DCCP::DCCP_CLOSE) +   or Packet_Type = DCCP::DCCP_CLOSEREQ) +  or Packet_Type = DCCP::DCCP_SYNC) + or Packet_Type = DCCP::DCCP_SYNCACK) +and Data_Offset * 32 > Ack_Number_Long'Last - Message'First + 1, +Data_Offset * 32 - (Ack_Number_Long'Last - Message'First + 1), ⋆) + + + +Ack_Number_Long->intermediate_1 + + + + +intermediate_2 + +(Packet_Type = DCCP::DCCP_RESET, 8, ⋆) + + + +Ack_Number_Long->intermediate_2 + + + + +intermediate_3 + +(Packet_Type = DCCP::DCCP_RESPONSE, 32, ⋆) + + + +Ack_Number_Long->intermediate_3 + + + + +Reset_Code + +Reset_Code + + + +intermediate_23 + +(⊤, 8, ⋆) + + + +Reset_Code->intermediate_23 + + + + +Service_Code + +Service_Code + + + +intermediate_31 + +(Data_Offset * 32 = Service_Code'Last - Message'First + 1, +Message'Last - Service_Code'Last, ⋆) + + + +Service_Code->intermediate_31 + + + + +intermediate_32 + +(Data_Offset * 32 > Service_Code'Last - Message'First + 1, +Data_Offset * 32 - (Service_Code'Last - Message'First + 1), ⋆) + + + +Service_Code->intermediate_32 + + + + +Data_1 + +Data_1 + + + +intermediate_12 + +(⊤, 8, ⋆) + + + +Data_1->intermediate_12 + + + + +Data_2 + +Data_2 + + + +intermediate_13 + +(⊤, 8, ⋆) + + + +Data_2->intermediate_13 + + + + +Data_3 + +Data_3 + + + +intermediate_14 + +(Data_Offset * 32 = Data_3'Last - Message'First + 1, +Message'Last - Data_3'Last, ⋆) + + + +Data_3->intermediate_14 + + + + +intermediate_15 + +(Data_Offset * 32 > Data_3'Last - Message'First + 1, +Data_Offset * 32 - (Data_3'Last - Message'First + 1), ⋆) + + + +Data_3->intermediate_15 + + + + +Options + +Options + + + +intermediate_19 + +(⊤, Message'Last - Options'Last, ⋆) + + + +Options->intermediate_19 + + + + +Data + +Data + + + +intermediate_11 + +(⊤, 0, ⋆) + + + +Data->intermediate_11 + + + + +intermediate_0->Data + + + + + +intermediate_1->Options + + + + + +intermediate_2->Reset_Code + + + + + +intermediate_3->Service_Code + + + + + +intermediate_4->Data + + + + + +intermediate_5->Options + + + + + +intermediate_6->Ack_Number_Long + + + + + +intermediate_7->Ack_Number_Short + + + + + +intermediate_8->CsCov + + + + + +intermediate_9->Res_3 + + + + + +intermediate_10->Checksum + + + + + +Final + + + + +intermediate_11->Final + + + + + +intermediate_12->Data_2 + + + + + +intermediate_13->Data_3 + + + + + +intermediate_14->Data + + + + + +intermediate_15->Options + + + + + +intermediate_16->CCVal + + + + + +intermediate_17->Data_Offset + + + + + +intermediate_18->Source_Port + + + + + +intermediate_19->Data + + + + + +intermediate_20->X + + + + + +intermediate_21->Packet_Type + + + + + +intermediate_22->Sequence_Number_Long + + + + + +intermediate_23->Data_1 + + + + + +intermediate_24->Ack_Reserved_Long + + + + + +intermediate_25->Data + + + + + +intermediate_26->Options + + + + + +intermediate_27->Service_Code + + + + + +intermediate_28->Ack_Reserved_Short + + + + + +intermediate_29->Data + + + + + +intermediate_30->Options + + + + + +intermediate_31->Data + + + + + +intermediate_32->Options + + + + + +intermediate_33->Destination_Port + + + + + +intermediate_34->Res_8 + + + + + +intermediate_35->Sequence_Number_Short + + + + + diff --git a/examples/apps/dccp/rflx/out/locations.json b/examples/apps/dccp/rflx/out/locations.json new file mode 100644 index 000000000..681bb7bed --- /dev/null +++ b/examples/apps/dccp/rflx/out/locations.json @@ -0,0 +1 @@ +{"../rflx/specs/dccp.rflx": {"DCCP_Packet": {"start": {"line": 202, "column": 9}, "end": {"line": 319, "column": 18}}}} \ No newline at end of file diff --git a/examples/apps/dccp/rflx/specs/dccp.rflx b/examples/apps/dccp/rflx/specs/dccp.rflx new file mode 100644 index 000000000..c9563b54e --- /dev/null +++ b/examples/apps/dccp/rflx/specs/dccp.rflx @@ -0,0 +1,321 @@ +-- Datagram Congestion Control Protocol (DCCP) +-- Written Specification: RFC 4340 + +-- The DCCP message structure is as outlined below. +-- The header ranges from 12 to 1020 bytes (up to Options, below). +-- +---------------------------------------+ -. +-- | Generic Header | | +-- +---------------------------------------+ | +-- | Additional Fields (depending on type) | +- DCCP Header +-- +---------------------------------------+ | +-- | Options (optional) | | +-- +=======================================+ -' +-- | Application Data Area | +-- +---------------------------------------+ + +package DCCP is + + type Port_Type is range 0 .. 2 ** 16 - 1 with Size => 16; + + -- start offset at 3 since this is the smallest packet size possible + type Data_Offset_Type is range 3 .. 2 ** 8 - 1 with Size => 8; + type Checksum_Type is range 0 .. 2 ** 16 - 1 with Size => 16; + type CCVal_Type is range 0 .. 2 ** 4 - 1 with Size => 4; + type Checksum_Coverage_Type is range 0 .. 2 ** 4 - 1 with Size => 4; + type Reserved_3_Type is range 0 .. 2 ** 3 - 1 with Size => 3; + + type Type_Field is + ( + DCCP_REQUEST => 0, + DCCP_RESPONSE => 1, + DCCP_DATA => 2, + DCCP_ACK => 3, + DCCP_DATA_ACK => 4, + DCCP_CLOSEREQ => 5, + DCCP_CLOSE => 6, + DCCP_RESET => 7, + DCCP_SYNC => 8, + DCCP_SYNCACK => 9 + ) with Size => 4; + + type CsCov_Type is range 0 .. 2 ** 4 - 1 with Size => 4; + + type Ext_Seq_Type is + ( + EXTENDED => 1, + NOT_EXTENDED => 0 + ) with Size => 1; + + type Sequence_Number_Long_Type is range 0 .. 2 ** 48 - 1 with Size => 48; + type Sequence_Number_Short_Type is range 0 .. 2 ** 24 - 1 with Size => 24; + + type Reserved_8_Type is range 0 .. 2 ** 8 - 1 with Size => 8; + type Reserved_16_Type is range 0 .. 2 ** 16 - 1 with Size => 16; + type Ack_Number_Long_Type is range 0 .. 2 ** 48 - 1 with Size => 48; + type Ack_Number_Short_Type is range 0 .. 2 ** 24 - 1 with Size => 24; + + type Service_Code_Type is range 0 .. 2 ** 32 - 1 with Size => 32; + + type Reset_Code_Type is + ( + UNSPECIFIED => 0, + CLOSED => 1, + ABORTED => 2, + NO_CONNECTION => 3, + PACKET_ERROR => 4, + OPTION_ERROR => 5, + MANDATORY_ERROR => 6, + CONNECTION_REFUSED => 7, + BAD_SERVICE_CODE => 8, + TOO_BUSY => 9, + BAD_INIT_COOKIE => 10, + AGGRESSION_PENALTY => 11 + -- 12 - 127 is RESERVED + -- 128 - 255 are CCID-specific codes + ) with Size => 8; + + type Data_Type is range 0 .. 2 ** 8 - 1 with Size => 8; + + type Opt_Type is + ( + -- SINGLE-BYTE OPTIONS + PADDING => 0, + MANDATORY => 1, + SLOW_RECEIVER => 2, + -- 3 - 31 are RESERVED + + -- MULTI-BYTE OPTIONS (followed by length and, optionally, data) + CHANGE_L => 32, + CONFIRM_L => 33, + CHANGE_R => 34, + CONFIRM_R => 35, + INIT_COOKIE => 36, + NDP_COUNT => 37, + ACK_VECTOR_0 => 38, + ACK_VECTOR_1 => 39, + DATA_DROPPED => 40, + TIMESTAMP => 41, + TIMESTAMP_ECHO => 42, + ELAPSED_TIME => 43, + DATA_CHECKSUM => 44, + -- 45 - 127 is RESERVED + -- 128 - 255 are CCID-specific options + CCID3_LOSS_EVT_RATE => 192, + CCID3_RCV_RATE => 194 + ) with Size => 8; + + type Option_Length_Type is range 0 .. 2 ** 8 - 1 with Size => 8; + type Option_Feature_Type is + ( + FEATURE_RESERVED => 0, + CCID => 1, + ALLOW_SHORT_SEQNOS => 2, + SEQUENCE_WINDOW => 3, + ECN_INCAPABLE => 4, + ACK_RATIO => 5, + SEND_ACK_VECTOR => 6, + SEND_NDP_COUNT => 7, + MINIMUM_CHECKSUM_COVERAGE => 8, + CHECK_DATA_CHECKSUM => 9 + -- 10 - 127 RESERVED + -- 128 - 255 CCID-Specific Features + ) with Size => 8; + + type Receive_Rate_Type is range 0 .. 2 ** 32 - 1 with Size => 32; + type Loss_Rate_Type is range 0 .. 2 ** 32 - 1 with Size => 32; + type Timestamp_Option_Type is range 0 .. 2 ** 32 - 1 with Size => 32; + type Timestamp_Echo_Option_Type is range 0 .. 2 ** 32 - 1 with Size => 32; + + type Option is + message + -- ***************** + -- OPTIONS SUBHEADER + -- ***************** + Option_Type : Opt_Type + then Option_Length + if (Option_Type /= PADDING + and Option_Type /= MANDATORY + and Option_Type /= SLOW_RECEIVER) + then null + if (Option_Type = PADDING + or Option_Type = MANDATORY + or Option_Type = SLOW_RECEIVER); + + Option_Length : Option_Length_Type + then Option_Feature + if (Option_Type = CHANGE_L + or Option_Type = CHANGE_R + or Option_Type = CONFIRM_L + or Option_Type = CONFIRM_R) + then Timestamp_Option + if (Option_Type = TIMESTAMP) + then Timestamp_Echo_Opt + if (Option_Type = TIMESTAMP_ECHO) + then Receive_Rate + if (Option_Type = CCID3_RCV_RATE) + then Loss_Event_Rate + if (Option_Type = CCID3_LOSS_EVT_RATE) + then NDP_Count_Opt + with Size => ((Option_Length * 8) - 16) + if Option_Length >= 3 and Option_Type = NDP_COUNT + then Elapsed_Time_Opt + with Size => ((Option_Length * 8) - 16) + if Option_Length >= 4 and Option_Type = ELAPSED_TIME; + + Option_Feature : Option_Feature_Type + then Option_Value + with Size => 8 -- at least 1 byte + + then null + -- RFC 4340, Para 6.2: Confirm options w/unk or invalid feature #s skip the Option_Value + if (Option_Type = CONFIRM_L or Option_Type = CONFIRM_R) + -- invalid feature range (before/after) + and (Option_Feature < FEATURE_RESERVED or Option_Feature > 255); + + Option_Value : Opaque + then null; + + Timestamp_Option : Timestamp_Option_Type + then null; + + Receive_Rate : Receive_Rate_Type + then null; + + Loss_Event_Rate : Loss_Rate_Type + then null; + + NDP_Count_Opt : Opaque + then null; + + Timestamp_Echo_Opt : Timestamp_Echo_Option_Type + then Elapsed_Time_Opt + with Size => ((Option_Length * 8) - 48) + if Option_Length >= 8 and Option_Type = TIMESTAMP_ECHO; + + Elapsed_Time_Opt : Opaque; + + end message; + + type Options is sequence of Option; + + -- RFC 4340, Para 5.1: Generic Header + type Packet is + message + -- ************** + -- GENERIC HEADER + -- ************** + Source_Port : Port_Type; + Destination_Port : Port_Type; + Data_Offset : Data_Offset_Type; + CCVal : CCVal_Type; + CsCov : Checksum_Coverage_Type; + Checksum : Checksum_Type; + Res_3 : Reserved_3_Type; + Packet_Type : Type_Field; + + -- value for X determines whether to use long or short sequence + X : Ext_Seq_Type + then Res_8 + if X = EXTENDED + then Sequence_Number_Short + if X = NOT_EXTENDED; + + -- Only 'present' if X = EXTENDED + Res_8 : Reserved_8_Type; + Sequence_Number_Long : Sequence_Number_Long_Type + then Ack_Reserved_Long + if Packet_Type /= DCCP_DATA and Packet_Type /= DCCP_REQUEST + then Service_Code + if Packet_Type = DCCP_REQUEST + then Options + with Size => (Data_Offset * 32) - (Sequence_Number_Long'Last - Message'First + 1) + if Packet_Type = DCCP_DATA + and ((Data_Offset * 32) > Sequence_Number_Long'Last - Message'First + 1) + then Data + if Packet_Type = DCCP_DATA + and ((Data_Offset * 32) = Sequence_Number_Long'Last - Message'First + 1); + + -- Only 'present' if X = NOT_EXTENDED + Sequence_Number_Short : Sequence_Number_Short_Type + then Ack_Reserved_Short + if Packet_Type /= DCCP_DATA and Packet_Type /= DCCP_REQUEST + then Options + with Size => (Data_Offset * 32) - (Sequence_Number_Short'Last - Message'First + 1) + if Packet_Type = DCCP_DATA + and ((Data_Offset * 32) > Sequence_Number_Short'Last - Message'First + 1) + then Data + if Packet_Type = DCCP_DATA + and ((Data_Offset * 32) = Sequence_Number_Short'Last - Message'First + 1); + + -- ************************************************************* + -- LONGER ACKNOWLEDGEMENT NUMBER SUBHEADER (when X = 1/EXTENDED) + -- ************************************************************* + Ack_Reserved_Long : Reserved_16_Type; + Ack_Number_Long : Ack_Number_Long_Type + then Service_Code + if Packet_Type = DCCP_RESPONSE + then Reset_Code + if Packet_Type = DCCP_RESET + then Options + with Size => (Data_Offset * 32) - (Ack_Number_Long'Last - Message'First + 1) + if (Packet_Type = DCCP_ACK + or Packet_Type = DCCP_DATA_ACK + or Packet_Type = DCCP_CLOSE + or Packet_Type = DCCP_CLOSEREQ + or Packet_Type = DCCP_SYNC + or Packet_Type = DCCP_SYNCACK) + and ((Data_Offset * 32) > Ack_Number_Long'Last - Message'First + 1) + then Data + if (Packet_Type = DCCP_ACK + or Packet_Type = DCCP_DATA_ACK + or Packet_Type = DCCP_CLOSE + or Packet_Type = DCCP_CLOSEREQ + or Packet_Type = DCCP_SYNC + or Packet_Type = DCCP_SYNCACK) + and ((Data_Offset * 32) = Ack_Number_Long'Last - Message'First + 1); + + -- ****************************************************************** + -- SHORTER ACKNOWLEDGEMENT NUMBER SUBHEADER (when X = 0/NOT_EXTENDED) + -- ****************************************************************** + Ack_Reserved_Short : Reserved_8_Type; + Ack_Number_Short : Ack_Number_Short_Type + then Options + with Size => (Data_Offset * 32) - (Ack_Number_Short'Last - Message'First + 1) + if (Packet_Type = DCCP_ACK + or Packet_Type = DCCP_DATA_ACK + or Packet_Type = DCCP_CLOSE + or Packet_Type = DCCP_CLOSEREQ) + and ((Data_Offset * 32) > Ack_Number_Short'Last - Message'First + 1) + then Data + if (Packet_Type = DCCP_ACK + or Packet_Type = DCCP_DATA_ACK + or Packet_Type = DCCP_CLOSE + or Packet_Type = DCCP_CLOSEREQ) + and ((Data_Offset * 32) = Ack_Number_Short'Last - Message'First + 1); + + -- RFC 4340, Para 5.2: DCCP-Request Packets (X=1) + Service_Code : Service_Code_Type + then Options + with Size => (Data_Offset * 32) - (Service_Code'Last - Message'First + 1) + if (Data_Offset * 32) > Service_Code'Last - Message'First + 1 + then Data + if (Data_Offset * 32) = Service_Code'Last - Message'First + 1; + + -- RFC 4340, Para 5.6: DCCP-Reset Packets + Reset_Code : Reset_Code_Type; + Data_1 : Data_Type; + Data_2 : Data_Type; + Data_3 : Data_Type + then Options + with Size => (Data_Offset * 32) - (Data_3'Last - Message'First + 1) + if (Data_Offset * 32) > Data_3'Last - Message'First + 1 + then Data + if (Data_Offset * 32) = Data_3'Last - Message'First + 1; + + Options : Options; + + Data : Opaque; + + end message; + +end DCCP; diff --git a/examples/apps/dccp/rflx/test/valid/10_DATA-ACK_Seq_5_ACK_3.raw b/examples/apps/dccp/rflx/test/valid/10_DATA-ACK_Seq_5_ACK_3.raw new file mode 100644 index 000000000..35ed13f0d Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/10_DATA-ACK_Seq_5_ACK_3.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/1_REQUEST_Service_Not_Specified.raw b/examples/apps/dccp/rflx/test/valid/1_REQUEST_Service_Not_Specified.raw new file mode 100644 index 000000000..04e23394c Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/1_REQUEST_Service_Not_Specified.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/2_RESPONSE_Service_Not_Specified.raw b/examples/apps/dccp/rflx/test/valid/2_RESPONSE_Service_Not_Specified.raw new file mode 100644 index 000000000..efb8e8ac9 Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/2_RESPONSE_Service_Not_Specified.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/3_ACK_Seq_1.raw b/examples/apps/dccp/rflx/test/valid/3_ACK_Seq_1.raw new file mode 100644 index 000000000..48454aaca Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/3_ACK_Seq_1.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/4_DATA-ACK_Seq_2.raw b/examples/apps/dccp/rflx/test/valid/4_DATA-ACK_Seq_2.raw new file mode 100644 index 000000000..b786a5051 Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/4_DATA-ACK_Seq_2.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/5058_CLOSE_Seq_5002_ACK_52.raw b/examples/apps/dccp/rflx/test/valid/5058_CLOSE_Seq_5002_ACK_52.raw new file mode 100644 index 000000000..22134c87c Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/5058_CLOSE_Seq_5002_ACK_52.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/5060_RESET_Seq_54_ACK_5002.raw b/examples/apps/dccp/rflx/test/valid/5060_RESET_Seq_54_ACK_5002.raw new file mode 100644 index 000000000..d8767d678 Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/5060_RESET_Seq_54_ACK_5002.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/5_DATA-ACK_Seq_3.raw b/examples/apps/dccp/rflx/test/valid/5_DATA-ACK_Seq_3.raw new file mode 100644 index 000000000..951ab7087 Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/5_DATA-ACK_Seq_3.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/6_ACK_Seq_1_ACK_2.raw b/examples/apps/dccp/rflx/test/valid/6_ACK_Seq_1_ACK_2.raw new file mode 100644 index 000000000..883e6fef4 Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/6_ACK_Seq_1_ACK_2.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/7_ACK_Seq_2_ACK_3.raw b/examples/apps/dccp/rflx/test/valid/7_ACK_Seq_2_ACK_3.raw new file mode 100644 index 000000000..d7d42fccf Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/7_ACK_Seq_2_ACK_3.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/8_DATA-ACK_Seq_4_ACK_2.raw b/examples/apps/dccp/rflx/test/valid/8_DATA-ACK_Seq_4_ACK_2.raw new file mode 100644 index 000000000..c8dbd200b Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/8_DATA-ACK_Seq_4_ACK_2.raw differ diff --git a/examples/apps/dccp/rflx/test/valid/9_ACK_Seq_3_ACK_4.raw b/examples/apps/dccp/rflx/test/valid/9_ACK_Seq_3_ACK_4.raw new file mode 100644 index 000000000..936068a5e Binary files /dev/null and b/examples/apps/dccp/rflx/test/valid/9_ACK_Seq_3_ACK_4.raw differ